WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Browser Hangs Too Much! [Solved]

Started by Bperkins7468 , Apr 06 2014 10:37 PM

Browser slow Computer slow Hanging browser

This topic is locked

74 replies to this topic

#1 Bperkins7468

Authentic Member

Authentic Member
92 posts

Posted 06 April 2014 - 10:37 PM

I just got AT&T internet a month ago but now whenever I go to a website, my browser hangs far too long. If i go to Youtube, the videos buffer too long. I don't know what's going on, and it's super frustrating!

I ran Malwarebytes and it doesn't show any virus but i don't know what else to do.

Please help!

Edited by Bperkins7468, 06 April 2014 - 10:38 PM.

Advertisements

Register to Remove

#2 Bperkins7468

Authentic Member

Authentic Member
92 posts

Posted 07 April 2014 - 12:47 AM

Here is my OTL report:

OTL logfile created on: 4/6/2014 9:42:49 PM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Byron\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16521)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 55.75% Memory free

7.93 Gb Paging File | 5.87 Gb Available in Paging File | 74.05% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 116.44 Gb Total Space | 48.97 Gb Free Space | 42.06% Space Free | Partition Type: NTFS

Drive D: | 331.01 Gb Total Space | 167.13 Gb Free Space | 50.49% Space Free | Partition Type: NTFS

Computer Name: BYRON-PC | User Name: Byron | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Byron\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Users\Byron\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)

PRC - C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe (Research In Motion Limited)

PRC - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (BlackBerry Limited)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)

PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)

PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)

PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()

MOD - C:\Users\Byron\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()

MOD - C:\Users\Byron\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll ()

MOD - C:\Users\Byron\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()

MOD - C:\Users\Byron\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll ()

MOD - C:\Users\Byron\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll ()

MOD - C:\Users\Byron\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ()

MOD - C:\Users\Byron\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ()

MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (vToolbarUpdater18.0.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe (AVG Secure Search)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (RIM Tunnel Service) -- C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe (Research In Motion Limited)

SRV - (RIM MDNS) -- C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe (Apple Inc.)

SRV - (BlackBerry Device Manager) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (BlackBerry Limited)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (TuneUp Software)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (File Backup) -- C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)

SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)

SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)

SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)

SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)

SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)

DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)

DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()

DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)

DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (AVAST Software)

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()

DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)

DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (BlackBerry Limited)

DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (rimvndis) -- C:\Windows\SysNative\drivers\rimvndis6_AMD64.sys (Research in Motion Limited)

DRV:64bit: - (usbrndis6) -- C:\Windows\SysNative\drivers\usb80236.sys (Microsoft Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)

DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)

DRV:64bit: - (ZTEusbwwan) -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys (ZTE Incorporated)

DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (ZTEusbgps) -- C:\Windows\SysNative\drivers\ZTEusbgps.sys (ZTE Incorporated)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)

DRV:64bit: - (tmobile_mf691_dc_enum) -- C:\Windows\SysNative\drivers\tmobile_mf691_dc_enum.sys (T-Mobile)

DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)

DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)

DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)

DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)

DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1024417699&ir=

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = {D3245D6C-6383-4823-9EF2-FA463514A51C}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...7-025031DC0501}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 B2 34 07 86 1E CC 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR

IE - HKCU\..\SearchScopes\{9E94E40B-C742-41CB-BAC0-BD5D590DCCA5}: "URL" = http://search.yahoo....p={searchTerms}

IE - HKCU\..\SearchScopes\{B4D84896-6918-41DD-B848-1268BE62AF29}: "URL" = https://www.google.c...q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Conduit Search"

FF - prefs.js..browser.startup.homepage: "http://search.condui...73AE67ED&SSPV="

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Byron\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)

FF - HKCU\Software\MozillaPlugins\@starfield.com/off64: C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)

FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)

FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe64: C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Byron\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Byron\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Byron\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.0.248 [2014/03/03 14:13:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/03/15 18:08:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/02 01:40:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/02 01:40:41 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/02 01:40:40 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/02 01:40:41 | 000,000,000 | ---D | M]

[2011/06/14 09:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Byron\AppData\Roaming\Mozilla\Extensions

[2014/03/02 00:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\lbefp8bo.default\extensions

[2014/03/31 05:41:41 | 000,000,861 | ---- | M] () -- C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\lbefp8bo.default\searchplugins\conduit-search.xml

[2014/03/02 01:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2014/03/02 01:40:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - plugin: Error reading preferences file

CHR - Extension: avast! Online Security = C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2016.82_0\

CHR - Extension: Google Wallet = C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\

O1 HOSTS File: ([2014/01/02 21:03:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (no name) - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - No CLSID value found.

O2:64bit: - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found.

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)

O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

O4 - HKCU..\Run: [BackgroundContainer] C:\Users\Byron\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)

O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46EDC8B3-83DB-45A5-9391-D954A6ADFF95}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\inbox - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found

O18 - Protocol\Handler\inbox - No CLSID value found

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O27:64bit: - HKLM IFEO\alu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\backache.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\backbone.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\controldeck.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\facebookmessenger.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\facemgr.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\icloud.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\icloudweb.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\logonmgr.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\p4gxui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\shellstreamsshortcut.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\alu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\backache.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\backbone.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\controldeck.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\facebookmessenger.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\facemgr.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\icloud.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\icloudweb.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\logonmgr.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\p4gxui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\shellstreamsshortcut.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2014/04/01 15:23:05 | 000,000,000 | ---D | C] -- C:\Users\Byron\Desktop\Internet is extremely slow - Browsers, Internet and email_files

[2014/03/30 17:12:07 | 000,000,000 | ---D | C] -- C:\Users\Byron\Desktop\Tools in Spanish

[2014/03/21 18:11:47 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll

[2014/03/21 18:11:47 | 000,687,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2014/03/21 14:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group

[2014/03/21 14:17:01 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2014/03/21 14:16:33 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\SearchProtect

[2014/03/19 20:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

[2014/03/18 23:21:14 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Roaming\Optimizer Pro

[2014/03/18 23:21:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro

[2014/03/18 13:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014

[2014/03/18 13:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2014

[2014/03/18 13:11:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}

[2014/03/18 12:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs

[2014/03/18 12:13:39 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Roaming\Nero

[2014/03/18 12:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero

[2014/03/18 12:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero

[2014/03/18 02:02:23 | 000,000,000 | ---D | C] -- C:\Users\Byron\Documents\Optimizer Pro

[2014/03/18 01:57:06 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Roaming\IObit

[2014/03/18 01:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evonsoft Computer Repair

[2014/03/18 01:57:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evonsoft Computer Repair

[2014/03/17 20:34:15 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Roaming\Ahead

[2014/03/16 22:13:34 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll

[2014/03/16 22:13:31 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB5DB.DLL

[2014/03/15 18:09:04 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Roaming\AVAST Software

[2014/03/15 18:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

[2014/03/15 18:08:15 | 000,080,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys

[2014/03/15 18:08:13 | 001,038,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2014/03/15 18:08:13 | 000,421,704 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2014/03/15 18:08:13 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2014/03/15 18:08:13 | 000,078,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2014/03/15 18:08:11 | 000,334,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2014/03/15 18:08:06 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2014/03/15 18:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2014/03/15 18:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2014/03/13 00:54:17 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2014/03/13 00:54:17 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll

[2014/03/13 00:54:16 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll

[2014/03/13 00:54:14 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2014/03/13 00:54:14 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll

[2014/03/13 00:54:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2014/03/13 00:54:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll

[2014/03/13 00:54:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2014/03/13 00:54:13 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2014/03/13 00:54:13 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2014/03/13 00:54:12 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2014/03/13 00:54:11 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2014/03/13 00:54:11 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2014/03/13 00:54:10 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2014/03/13 00:54:10 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2014/03/13 00:54:09 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2014/03/13 00:54:09 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe

[2014/03/13 00:54:08 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2014/03/13 00:54:07 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2014/03/13 00:54:07 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll

[2014/03/13 00:54:07 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2014/03/13 00:54:06 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2014/03/13 00:54:05 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe

[2014/03/13 00:54:05 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2014/03/13 00:51:05 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll

[2014/03/13 00:51:05 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll

[2014/03/13 00:45:56 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll

[2014/03/13 00:45:56 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll

[2014/03/13 00:45:56 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll

[2014/03/12 08:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2014/03/12 08:17:08 | 005,777,288 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2014/03/07 23:51:57 | 000,000,000 | ---D | C] -- C:\Users\Byron\Documents\Nero Home

[2014/03/07 23:23:53 | 000,000,000 | ---D | C] -- C:\Users\Byron\AppData\Local\Ahead

[2014/03/07 23:06:47 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll

[2014/03/07 23:06:47 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll

[2014/03/07 22:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry

[2008/08/11 22:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll

========== Files - Modified Within 30 Days ==========

[2014/04/06 21:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/04/04 11:01:02 | 000,010,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/04/04 11:01:02 | 000,010,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/04/04 10:53:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/04/03 00:06:01 | 000,000,875 | ---- | M] () -- C:\Users\Byron\Desktop\BitTorrent.lnk

[2014/04/03 00:06:01 | 000,000,855 | ---- | M] () -- C:\Users\Byron\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk

[2014/04/01 15:23:05 | 000,225,686 | ---- | M] () -- C:\Users\Byron\Desktop\Internet is extremely slow - Browsers, Internet and email.htm

[2014/03/30 23:40:33 | 000,422,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2014/03/30 21:01:30 | 002,409,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014/03/30 21:01:30 | 000,731,358 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014/03/30 21:01:30 | 000,006,522 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014/03/29 02:03:52 | 028,708,780 | ---- | M] () -- C:\Users\Byron\Desktop\Prosperity_II.mp3

[2014/03/29 02:00:25 | 028,680,359 | ---- | M] () -- C:\Users\Byron\Desktop\Prosperity_I.mp3

[2014/03/25 19:55:57 | 008,407,552 | ---- | M] () -- C:\Users\Byron\Desktop\Powerpoint Presentation 2.pps

[2014/03/22 20:15:27 | 000,089,846 | ---- | M] () -- C:\Users\Byron\Desktop\rolex-rose-gold-president.jpg

[2014/03/20 22:49:07 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA.job

[2014/03/20 22:49:07 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core.job

[2014/03/20 22:28:22 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA.job

[2014/03/20 22:28:22 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core.job

[2014/03/20 08:06:17 | 000,129,829 | ---- | M] () -- C:\Users\Byron\Desktop\2015-bentley-continental-gt-speed-coupe-photo-578362-s-1280x782.jpg

[2014/03/19 20:37:10 | 001,784,242 | ---- | M] () -- C:\Users\Byron\Desktop\Customer Appreciation.pdf

[2014/03/18 21:44:53 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/03/18 21:44:53 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/03/18 13:15:09 | 000,002,211 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk

[2014/03/18 13:15:09 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk

[2014/03/17 15:11:54 | 000,175,358 | ---- | M] () -- C:\Users\Byron\Desktop\Customer Acquisition.pdf

[2014/03/17 15:04:12 | 002,318,360 | ---- | M] () -- C:\Users\Byron\Desktop\customer-acquisition.pdf

[2014/03/17 07:07:19 | 028,711,643 | ---- | M] () -- C:\Users\Byron\Desktop\Forgiveness_II.mp3

[2014/03/17 07:07:12 | 000,666,948 | ---- | M] () -- C:\Users\Byron\Desktop\ListeningInstructionandScripts.pdf

[2014/03/17 07:07:10 | 028,711,849 | ---- | M] () -- C:\Users\Byron\Desktop\Forgiveness_I.mp3

[2014/03/15 18:08:54 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2014/03/15 18:08:07 | 001,038,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2014/03/15 18:08:07 | 000,421,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2014/03/15 18:08:07 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2014/03/15 18:08:07 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys

[2014/03/15 18:08:07 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2014/03/15 18:08:07 | 000,080,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys

[2014/03/15 18:08:07 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2014/03/15 18:08:07 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys

[2014/03/15 18:08:06 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2014/03/15 17:17:11 | 000,007,597 | ---- | M] () -- C:\Users\Byron\AppData\Local\Resmon.ResmonCfg

[2014/03/12 08:17:47 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2014/03/12 08:17:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2014/03/12 08:17:08 | 005,777,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2014/03/08 10:25:53 | 000,001,170 | ---- | M] () -- C:\0

[2014/03/07 22:37:49 | 000,002,227 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Link.lnk

========== Files Created - No Company Name ==========

[2014/04/03 00:06:01 | 000,000,875 | ---- | C] () -- C:\Users\Byron\Desktop\BitTorrent.lnk

[2014/04/03 00:06:01 | 000,000,855 | ---- | C] () -- C:\Users\Byron\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk

[2014/04/01 15:23:03 | 000,225,686 | ---- | C] () -- C:\Users\Byron\Desktop\Internet is extremely slow - Browsers, Internet and email.htm

[2014/03/30 23:40:11 | 000,422,256 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2014/03/30 21:01:45 | 000,038,548 | ---- | C] () -- C:\Users\Byron\Desktop\Byron Plain.jpg

[2014/03/29 02:03:31 | 028,708,780 | ---- | C] () -- C:\Users\Byron\Desktop\Prosperity_II.mp3

[2014/03/29 02:00:25 | 028,680,359 | ---- | C] () -- C:\Users\Byron\Desktop\Prosperity_I.mp3

[2014/03/25 19:55:36 | 008,407,552 | ---- | C] () -- C:\Users\Byron\Desktop\Powerpoint Presentation 2.pps

[2014/03/22 20:15:26 | 000,089,846 | ---- | C] () -- C:\Users\Byron\Desktop\rolex-rose-gold-president.jpg

[2014/03/20 08:06:17 | 000,129,829 | ---- | C] () -- C:\Users\Byron\Desktop\2015-bentley-continental-gt-speed-coupe-photo-578362-s-1280x782.jpg

[2014/03/19 20:37:09 | 001,784,242 | ---- | C] () -- C:\Users\Byron\Desktop\Customer Appreciation.pdf

[2014/03/19 08:18:25 | 005,827,896 | ---- | C] () -- C:\Users\Byron\Desktop\ChanLineup_Public Viewing.pdf

[2014/03/19 08:18:18 | 003,561,728 | ---- | C] () -- C:\Users\Byron\Desktop\Sales Guide Feb 6 - May 21 (3).pdf

[2014/03/18 13:15:09 | 000,002,211 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk

[2014/03/18 13:15:09 | 000,002,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk

[2014/03/18 13:15:09 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk

[2014/03/17 15:11:53 | 000,175,358 | ---- | C] () -- C:\Users\Byron\Desktop\Customer Acquisition.pdf

[2014/03/17 15:04:12 | 002,318,360 | ---- | C] () -- C:\Users\Byron\Desktop\customer-acquisition.pdf

[2014/03/17 07:07:11 | 000,666,948 | ---- | C] () -- C:\Users\Byron\Desktop\ListeningInstructionandScripts.pdf

[2014/03/17 07:06:47 | 028,711,643 | ---- | C] () -- C:\Users\Byron\Desktop\Forgiveness_II.mp3

[2014/03/17 07:06:37 | 028,711,849 | ---- | C] () -- C:\Users\Byron\Desktop\Forgiveness_I.mp3

[2014/03/15 18:08:54 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2014/03/15 18:08:14 | 000,207,904 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys

[2014/03/15 18:08:14 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys

[2014/03/07 22:37:49 | 000,002,227 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Link.lnk

[2013/12/22 02:45:41 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2013/12/15 18:41:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\skyx24.sys

[2013/12/15 18:41:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\rotw.sys

[2013/09/30 23:43:34 | 000,000,256 | ---- | C] () -- C:\Users\Byron\AppData\Roaming\default.rss

[2013/09/19 00:16:55 | 000,000,093 | ---- | C] () -- C:\Users\Byron\AppData\Roaming\WB.CFG

[2013/09/19 00:16:55 | 000,000,006 | ---- | C] () -- C:\Users\Byron\AppData\Roaming\WBPU-TTL.DAT

[2013/09/18 23:15:25 | 000,000,258 | RHS- | C] () -- C:\Users\Byron\ntuser.pol

[2013/02/12 00:46:09 | 000,000,005 | ---- | C] () -- C:\Users\Byron\AppData\Roaming\mbam.context.scan

[2012/08/20 00:32:25 | 000,744,186 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/04/30 18:19:18 | 000,000,300 | ---- | C] () -- C:\Users\Byron\AppData\Roaming\burnaware.ini

[2012/04/30 08:56:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dvdtest10024.dat

[2012/04/17 08:19:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/04/17 08:19:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/04/17 08:19:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/04/17 08:19:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/04/17 08:19:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/12/19 23:56:30 | 000,009,908 | -HS- | C] () -- C:\Users\Byron\AppData\Local\811410x6x458s346j352j8tkd0v6

[2011/12/15 01:22:10 | 000,010,348 | -HS- | C] () -- C:\Users\Byron\AppData\Local\k5ne3dx5w3g8lgoeol54uau4jn5g6uu0ml770

[2011/12/15 01:22:10 | 000,010,348 | -HS- | C] () -- C:\ProgramData\k5ne3dx5w3g8lgoeol54uau4jn5g6uu0ml770

[2011/12/11 02:34:58 | 000,012,408 | ---- | C] () -- C:\Users\Byron\AppData\Local\mqfhxd5j5dcs1adb7nby5l851v3b

[2011/12/11 02:34:58 | 000,012,408 | ---- | C] () -- C:\ProgramData\mqfhxd5j5dcs1adb7nby5l851v3b

[2011/06/03 10:48:13 | 000,007,597 | ---- | C] () -- C:\Users\Byron\AppData\Local\Resmon.ResmonCfg

[2011/04/30 01:57:31 | 000,087,040 | ---- | C] () -- C:\Users\Byron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/04/08 11:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll

[2008/05/22 09:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

========== ZeroAccess Check ==========

[2012/08/17 01:13:08 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{cbcbd993-506d-96b9-6602-879c2385f055}\L

[2012/08/17 01:13:09 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{cbcbd993-506d-96b9-6602-879c2385f055}\U

[2011/11/16 23:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{cbcbd993-506d-96b9-6602-879c2385f055}\L

[2011/11/16 23:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{cbcbd993-506d-96b9-6602-879c2385f055}\U

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/03/01 23:54:43 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\1H1Q

[2012/03/15 02:00:21 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Acoustica

[2012/08/13 19:33:54 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Ad-Aware Antivirus

[2013/12/15 15:51:20 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Anvisoft

[2011/09/02 00:59:44 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Auslogics

[2014/03/15 18:09:04 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\AVAST Software

[2013/12/15 16:39:21 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\AVG2014

[2014/04/06 21:52:04 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\BitTorrent

[2012/03/11 01:31:49 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\bppenu11

[2013/09/18 23:15:14 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\DigitalSite

[2011/12/06 11:41:41 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\dNNyyxAA0

[2014/03/02 23:45:30 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\DriverCure

[2014/03/31 12:00:47 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Dropbox

[2012/04/30 08:56:29 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\DVD-Cloner

[2011/11/26 01:26:53 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\EEF2E

[2011/11/26 01:16:32 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\EF33ppnG5aQHd

[2013/11/12 05:32:06 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\EVo4FjY740LHpTDw751wI5L4vV2gn5jV

[2013/08/16 20:30:57 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\FCCEE

[2013/04/21 01:55:53 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Firetrust

[2014/03/06 17:56:07 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Five9

[2012/04/30 09:08:35 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\ImgBurn

[2014/03/18 01:57:06 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\IObit

[2011/05/16 00:33:27 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\iolo

[2012/04/18 09:11:35 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\MechCAD

[2012/09/16 15:33:51 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Nico Mak Computing

[2011/05/18 22:10:44 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Nuance

[2014/03/18 23:21:14 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Optimizer Pro

[2011/11/26 00:56:08 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\QdddWK88fRL

[2012/03/19 07:33:24 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Registry Mechanic

[2013/07/14 00:05:51 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Research In Motion

[2014/03/02 23:45:29 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\SpeedyPC Software

[2011/11/26 00:56:09 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\SXqqjjYCekIVz

[2013/09/18 23:22:27 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\Systweak

[2014/03/18 13:14:53 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\TuneUp Software

[2014/03/02 13:35:20 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\ValueApps

[2014/03/02 23:57:25 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\WebCam Recorder

[2014/03/02 23:57:28 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\WhiteSmoke

[2011/11/26 00:56:18 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\WPPPNyyxAuvSob3

[2013/07/13 23:57:42 | 000,000,000 | ---D | M] -- C:\Users\Byron\AppData\Roaming\XCPCSync.OEM

========== Purity Check ==========

========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.ADML >

[2009/07/13 19:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

< MD5 for: EXPLORER.ADMX >

[2009/06/10 13:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

< MD5 for: EXPLORER.EXE >

[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe

[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >

[2009/07/13 19:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui

[2009/07/13 19:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui

[2009/07/13 19:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui

[2009/07/13 19:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

< MD5 for: EXPLORER.ZIP >

[2006/03/06 22:48:08 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip

< MD5 for: IEXPLORE.EXE >

[2013/11/12 04:06:45 | 000,804,560 | ---- | M] (Microsoft Corporation) MD5=0685765C0CBE095BA0C6C8790BAE21EF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_7b0d6f67c2d3f97a\iexplore.exe

[2014/03/01 15:02:17 | 000,808,152 | ---- | M] (Microsoft Corporation) MD5=3A3BEA53F039CE2E997A918E26E30B1D -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

[2014/03/01 15:02:17 | 000,808,152 | ---- | M] (Microsoft Corporation) MD5=3A3BEA53F039CE2E997A918E26E30B1D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16521_none_8557e945f73c23ff\iexplore.exe

[2014/02/06 15:24:01 | 000,808,152 | ---- | M] (Microsoft Corporation) MD5=4263F6C131E513CEA1AE82B5B81A4E1A -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16518_none_85564983f73dbe0f\iexplore.exe

[2014/03/01 15:33:45 | 000,806,104 | ---- | M] (Microsoft Corporation) MD5=84BCBFB752B96543307E6602E669A95A -- C:\Program Files\Internet Explorer\iexplore.exe

[2014/03/01 15:33:45 | 000,806,104 | ---- | M] (Microsoft Corporation) MD5=84BCBFB752B96543307E6602E669A95A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16521_none_7b033ef3c2db6204\iexplore.exe

[2013/04/04 15:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe

[2014/02/06 15:55:10 | 000,806,104 | ---- | M] (Microsoft Corporation) MD5=C6E1178294BDEAB1CACF50427688DF05 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16518_none_7b019f31c2dcfc14\iexplore.exe

[2013/11/12 04:06:48 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Windows\ERDNT\cache86\iexplore.exe

[2013/11/12 04:06:48 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_856219b9f734bb75\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >

[2013/11/12 04:06:49 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui

[2013/11/12 04:06:45 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui

[2013/11/12 04:06:45 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_74ba04defa813a61\iexplore.exe.mui

[2013/11/12 04:06:49 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_7f0eaf312ee1fc5c\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-4B6C9213.PF >

[2014/04/05 08:09:16 | 000,316,782 | ---- | M] () MD5=E16AD51FEDB4A018A588FC7FA895DAFB -- C:\Windows\Prefetch\IEXPLORE.EXE-4B6C9213.pf

< MD5 for: IEXPLORE.EXE-908C99F8.PF >

[2014/04/05 08:09:20 | 000,080,266 | ---- | M] () MD5=C75627F3259018A609E9AC5F924806A1 -- C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf

< MD5 for: SERVICES >

[2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\system64\drivers\etc\services

[2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >

[2013/12/18 11:42:40 | 000,558,851 | ---- | M] () MD5=A044715A48D8FADB9366D554F20D3331 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg

[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >

[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe

[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe

[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\system64\services.exe

[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >

[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui

[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\system64\en-US\services.exe.mui

[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >

[2009/07/13 23:54:06 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

[2009/07/13 23:54:06 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >

[2012/09/26 01:38:52 | 000,000,427 | ---- | M] () MD5=C2DC82B7C6EB8CF3D29317DDEB712033 -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QHNET3XB\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >

[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof

[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\system64\wbem\services.mof

[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >

[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc

[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc

[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\system64\en-US\services.msc

[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\system64\services.msc

[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc

[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc

[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc

[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc

[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc

[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >

[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml

[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\system64\wdi\perftrack\Services.ptxml

[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.TICO >

[2009/09/25 14:00:00 | 000,002,038 | ---- | M] () MD5=D669B1B2EBE288A61680C3C863828D28 -- C:\Program Files (x86)\TuneUp Utilities 2014\data\services.tico

< MD5 for: WINLOGON.ADML >

[2009/07/13 19:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

< MD5 for: WINLOGON.ADMX >

[2009/06/10 14:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

< MD5 for: WINLOGON.EXE >

[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe

[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe

[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2013/04/04 15:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >

[2010/11/20 06:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui

[2010/11/20 06:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\system64\en-US\winlogon.exe.mui

[2010/11/20 06:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui

< MD5 for: WINLOGON.MFL >

[2009/07/13 19:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl

[2009/07/13 19:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\system64\wbem\en-US\winlogon.mfl

[2009/07/13 19:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

< MD5 for: WINLOGON.MOF >

[2009/07/13 13:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof

[2009/07/13 13:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\system64\wbem\winlogon.mof

[2009/07/13 13:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

< %SYSTEMDRIVE%\*.* >

[2014/03/08 10:25:53 | 000,001,170 | ---- | M] () -- C:\0

[2010/11/20 05:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr

[2014/04/04 10:53:24 | 4258,357,248 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

[2014/03/15 18:08:06 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< dir "%systemdrive%\*" /S /A:L /C >

Volume in drive C is OS

Volume Serial Number is FCCE-EF2E

Directory of C:\

07/13/2009 10:08 PM <JUNCTION> Documents and Settings [C:\Users]

0 File(s) 0 bytes

Directory of C:\ProgramData

07/13/2009 10:08 PM <JUNCTION> Application Data [C:\ProgramData]

07/13/2009 10:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]

07/13/2009 10:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]

07/13/2009 10:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]

07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]

07/13/2009 10:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users

07/13/2009 10:08 PM <SYMLINKD> All Users [C:\ProgramData]

07/13/2009 10:08 PM <JUNCTION> Default User [C:\Users\Default]

0 File(s) 0 bytes

Directory of C:\Users\All Users

07/13/2009 10:08 PM <JUNCTION> Application Data [C:\ProgramData]

07/13/2009 10:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]

07/13/2009 10:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]

07/13/2009 10:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]

07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]

07/13/2009 10:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users\Byron

04/29/2011 07:50 PM <JUNCTION> Application Data [C:\Users\Byron\AppData\Roaming]

04/29/2011 07:50 PM <JUNCTION> Cookies [C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Cookies]

04/29/2011 07:50 PM <JUNCTION> Local Settings [C:\Users\Byron\AppData\Local]

04/29/2011 07:50 PM <JUNCTION> My Documents [C:\Users\Byron\Documents]

04/29/2011 07:50 PM <JUNCTION> NetHood [C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

04/29/2011 07:50 PM <JUNCTION> PrintHood [C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

04/29/2011 07:50 PM <JUNCTION> Recent [C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Recent]

04/29/2011 07:50 PM <JUNCTION> SendTo [C:\Users\Byron\AppData\Roaming\Microsoft\Windows\SendTo]

04/29/2011 07:50 PM <JUNCTION> Start Menu [C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu]

04/29/2011 07:50 PM <JUNCTION> Templates [C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users\Byron\AppData\Local

04/29/2011 07:50 PM <JUNCTION> Application Data [C:\Users\Byron\AppData\Local]

04/29/2011 07:50 PM <JUNCTION> History [C:\Users\Byron\AppData\Local\Microsoft\Windows\History]

04/29/2011 07:50 PM <JUNCTION> Temporary Internet Files [C:\Users\Byron\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Byron\Documents

04/29/2011 07:50 PM <JUNCTION> My Music [C:\Users\Byron\Music]

04/29/2011 07:50 PM <JUNCTION> My Pictures [C:\Users\Byron\Pictures]

04/29/2011 07:50 PM <JUNCTION> My Videos [C:\Users\Byron\Videos]

0 File(s) 0 bytes

Directory of C:\Users\Default

07/13/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]

07/13/2009 10:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]

07/13/2009 10:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]

07/13/2009 10:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

07/13/2009 10:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

07/13/2009 10:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]

07/13/2009 10:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]

07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]

07/13/2009 10:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users\Default\AppData\Local

07/13/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]

07/13/2009 10:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]

07/13/2009 10:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Default\Documents

07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Default\Music]

07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]

07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]

0 File(s) 0 bytes

Directory of C:\Users\Guest

11/16/2011 05:48 PM <JUNCTION> Application Data [C:\Users\Guest\AppData\Roaming]

11/16/2011 05:48 PM <JUNCTION> Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]

11/16/2011 05:48 PM <JUNCTION> Local Settings [C:\Users\Guest\AppData\Local]

11/16/2011 05:48 PM <JUNCTION> My Documents [C:\Users\Guest\Documents]

11/16/2011 05:48 PM <JUNCTION> NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

11/16/2011 05:48 PM <JUNCTION> PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

11/16/2011 05:48 PM <JUNCTION> Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]

11/16/2011 05:48 PM <JUNCTION> SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]

11/16/2011 05:48 PM <JUNCTION> Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]

11/16/2011 05:48 PM <JUNCTION> Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users\Guest\AppData\Local

11/16/2011 05:48 PM <JUNCTION> Application Data [C:\Users\Guest\AppData\Local]

11/16/2011 05:48 PM <JUNCTION> History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]

11/16/2011 05:48 PM <JUNCTION> Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Guest\Documents

11/16/2011 05:48 PM <JUNCTION> My Music [C:\Users\Guest\Music]

11/16/2011 05:48 PM <JUNCTION> My Pictures [C:\Users\Guest\Pictures]

11/16/2011 05:48 PM <JUNCTION> My Videos [C:\Users\Guest\Videos]

0 File(s) 0 bytes

Directory of C:\Users\Public\Documents

07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Public\Music]

07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]

07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]

0 File(s) 0 bytes

Directory of C:\Windows

11/26/2011 12:54 AM <JUNCTION> system64 [c:\users]

0 File(s) 0 bytes

Total Files Listed:

0 File(s) 0 bytes

66 Dir(s) 52,578,844,672 bytes free

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

[2011/12/22 11:32:35 | 000,000,221 | -HS- | M] () -- C:\Users\Byron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

[2008/05/22 09:35:54 | 000,051,962 | ---- | M] () -- C:\Program Files (x86)\Common Files\banner.jpg

[2009/04/08 11:31:56 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll

[2008/08/11 22:45:20 | 000,155,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========

[2013/11/23 03:46:04 | 105,835,460 | ---- | M] ()(C:\Windows\SysWow64\???¡) -- C:\Windows\SysWow64\붩㍵ὄ¡

[2013/11/23 03:46:04 | 105,835,460 | ---- | C] ()(C:\Windows\SysWow64\???¡) -- C:\Windows\SysWow64\붩㍵ὄ¡

[2013/11/22 14:39:22 | 105,774,717 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\붭뗌ὄ

[2013/11/21 20:39:37 | 105,774,717 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\붭뗌ὄ

[2013/11/18 14:39:10 | 104,986,035 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\ᅓ⍁ὄ

[2013/11/18 02:39:22 | 104,986,035 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\ᅓ⍁ὄ

[2013/11/15 20:39:44 | 104,513,208 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\稱ⱍὄ

[2013/11/15 20:39:44 | 104,513,208 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\稱ⱍὄ

[2013/11/15 13:46:09 | 104,496,569 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\绠ꚁὄ

[2013/11/14 19:46:45 | 104,496,569 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\绠ꚁὄ

[2013/11/14 07:46:09 | 104,225,154 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\犊෌ὄ

[2013/11/14 07:46:09 | 104,225,154 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\犊෌ὄ

[2013/11/12 13:26:01 | 103,974,937 | ---- | M] ()(C:\Windows\SysWow64\???d) -- C:\Windows\SysWow64\됴렾ὄd

[2013/11/12 07:25:52 | 103,974,937 | ---- | C] ()(C:\Windows\SysWow64\???d) -- C:\Windows\SysWow64\됴렾ὄd

[2013/11/08 13:26:02 | 103,316,092 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\희ὄ

[2013/11/08 07:25:30 | 103,316,092 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\희ὄ

[2013/11/06 01:16:50 | 105,166,163 | ---- | M] ()(C:\Windows\SysWow64\???P) -- C:\Windows\SysWow64\ὄP

[2013/11/05 19:17:01 | 105,166,163 | ---- | C] ()(C:\Windows\SysWow64\???P) -- C:\Windows\SysWow64\ὄP

[2013/11/04 19:17:36 | 105,017,276 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ꕘὄ

[2013/11/04 19:17:36 | 105,017,276 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ꕘὄ

[2013/11/03 12:13:19 | 104,814,100 | ---- | M] ()(C:\Windows\SysWow64\???a) -- C:\Windows\SysWow64\퐽ꜟὄa

[2013/11/03 06:13:13 | 104,814,100 | ---- | C] ()(C:\Windows\SysWow64\???a) -- C:\Windows\SysWow64\퐽ꜟὄa

[2013/11/02 12:13:12 | 104,684,788 | ---- | M] ()(C:\Windows\SysWow64\???l) -- C:\Windows\SysWow64\쑲ࠁὄl

[2013/11/02 06:13:14 | 104,684,788 | ---- | C] ()(C:\Windows\SysWow64\???l) -- C:\Windows\SysWow64\쑲ࠁὄl

[2013/11/01 12:13:09 | 104,569,497 | ---- | M] ()(C:\Windows\SysWow64\???«) -- C:\Windows\SysWow64\䒟骮ὄ«

[2013/11/01 00:13:20 | 104,569,497 | ---- | C] ()(C:\Windows\SysWow64\???«) -- C:\Windows\SysWow64\䒟骮ὄ«

[2013/10/29 03:16:18 | 103,932,228 | ---- | M] ()(C:\Windows\SysWow64\???9) -- C:\Windows\SysWow64\燾쀧ὄ9

[2013/10/28 03:16:17 | 103,932,228 | ---- | C] ()(C:\Windows\SysWow64\???9) -- C:\Windows\SysWow64\燾쀧ὄ9

[2013/10/25 13:58:28 | 103,054,676 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\셅㬓ὄ

[2013/10/25 01:58:38 | 103,054,676 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\셅㬓ὄ

[2013/10/24 08:39:42 | 102,787,172 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\倭継ὄ

[2013/10/24 08:39:42 | 102,787,172 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\倭継ὄ

[2013/10/23 20:40:06 | 102,749,940 | ---- | M] ()(C:\Windows\SysWow64\???N) -- C:\Windows\SysWow64\石ὄN

[2013/10/23 20:40:06 | 102,749,940 | ---- | C] ()(C:\Windows\SysWow64\???N) -- C:\Windows\SysWow64\石ὄN

[2013/10/23 12:57:40 | 102,674,996 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\똓쒢ὄ

[2013/10/21 00:57:38 | 102,674,996 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\똓쒢ὄ

[2013/10/20 06:57:32 | 102,068,998 | ---- | M] ()(C:\Windows\SysWow64\???±) -- C:\Windows\SysWow64\ꍄ᪑ὄ±

[2013/10/16 18:56:55 | 102,068,998 | ---- | C] ()(C:\Windows\SysWow64\???±) -- C:\Windows\SysWow64\ꍄ᪑ὄ±

[2013/10/16 06:56:57 | 101,406,750 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\뫑튑ὄ

[2013/10/15 18:57:07 | 101,406,750 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\뫑튑ὄ

[2013/10/15 12:56:50 | 101,237,240 | ---- | M] ()(C:\Windows\SysWow64\???O) -- C:\Windows\SysWow64\ꌎ꺩ὄO

[2013/10/15 06:57:04 | 101,237,240 | ---- | C] ()(C:\Windows\SysWow64\???O) -- C:\Windows\SysWow64\ꌎ꺩ὄO

[2013/10/14 18:56:58 | 101,076,544 | ---- | M] ()(C:\Windows\SysWow64\???m) -- C:\Windows\SysWow64\偨ὄm

[2013/10/14 18:56:58 | 101,076,544 | ---- | C] ()(C:\Windows\SysWow64\???m) -- C:\Windows\SysWow64\偨ὄm

[2013/10/13 18:57:22 | 100,838,141 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㾄眹ὄ

[2013/10/12 06:56:29 | 100,838,141 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㾄眹ὄ

[2013/10/10 00:30:08 | 100,221,909 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\퀣ႇὄ

[2013/10/10 00:30:08 | 100,221,909 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\퀣ႇὄ

[2013/10/09 09:00:15 | 100,163,860 | ---- | M] ()(C:\Windows\SysWow64\???Y) -- C:\Windows\SysWow64\⾁츳ὄY

[2013/10/09 09:00:15 | 100,163,860 | ---- | C] ()(C:\Windows\SysWow64\???Y) -- C:\Windows\SysWow64\⾁츳ὄY

[2013/10/04 13:05:04 | 099,288,311 | ---- | M] ()(C:\Windows\SysWow64\???7) -- C:\Windows\SysWow64\᱂㡫ὄ7

[2013/10/02 19:04:55 | 099,288,311 | ---- | C] ()(C:\Windows\SysWow64\???7) -- C:\Windows\SysWow64\᱂㡫ὄ7

[2013/10/02 13:05:08 | 098,834,313 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\亩猐ὄ

[2013/09/30 19:05:09 | 098,834,313 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\亩猐ὄ

[2013/09/30 12:37:02 | 098,541,442 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\롏ὄ

[2013/09/30 00:37:06 | 098,541,442 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\롏ὄ

[2013/09/29 12:37:01 | 098,466,785 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\箰ѷὄ

[2013/09/29 06:37:02 | 098,466,785 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\箰ѷὄ

[2013/09/27 11:26:18 | 098,286,374 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\边冑ὄ

[2013/09/27 05:26:25 | 098,286,374 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\边冑ὄ

[2013/09/26 12:22:41 | 098,009,570 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\鴵埨ὄ

[2013/09/25 18:22:37 | 098,009,570 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\鴵埨ὄ

[2013/09/25 12:22:38 | 097,858,179 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ꮧ꣇ὄ

[2013/09/24 18:23:25 | 097,858,179 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ꮧ꣇ὄ

[2013/09/24 09:33:59 | 097,531,747 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\烱쿉ὄ

[2013/09/23 21:34:25 | 097,531,747 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\烱쿉ὄ

[2013/09/23 15:33:59 | 098,798,431 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᯌ钹ὄ

[2013/09/21 03:33:49 | 098,798,431 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᯌ钹ὄ

[2013/09/20 12:28:07 | 098,498,750 | ---- | M] ()(C:\Windows\SysWow64\???c) -- C:\Windows\SysWow64\׋䌋ὄc

[2013/09/19 18:27:59 | 098,498,750 | ---- | C] ()(C:\Windows\SysWow64\???c) -- C:\Windows\SysWow64\׋䌋ὄc

[2013/09/19 12:27:59 | 098,395,704 | ---- | M] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\׆趿ὄC

[2013/09/19 00:28:19 | 098,395,704 | ---- | C] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\׆趿ὄC

[2013/09/18 12:27:59 | 098,177,822 | ---- | M] ()(C:\Windows\SysWow64\???¢) -- C:\Windows\SysWow64\틛梻ὄ¢

[2013/09/18 00:28:00 | 098,177,822 | ---- | C] ()(C:\Windows\SysWow64\???¢) -- C:\Windows\SysWow64\틛梻ὄ¢

[2013/09/17 12:23:55 | 098,062,984 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\揚ὄ

[2013/09/15 12:23:53 | 098,062,984 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\揚ὄ

[2013/09/14 12:23:47 | 097,600,188 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\癛圪ὄ

[2013/09/13 18:23:45 | 097,600,188 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\癛圪ὄ

[2013/09/13 12:23:45 | 097,503,480 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\怸‣ὄ

[2013/09/12 18:23:42 | 097,503,480 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\怸‣ὄ

[2013/09/12 12:23:42 | 097,373,152 | ---- | M] ()(C:\Windows\SysWow64\???G) -- C:\Windows\SysWow64\োⅾὄG

[2013/09/12 12:23:42 | 097,373,152 | ---- | C] ()(C:\Windows\SysWow64\???G) -- C:\Windows\SysWow64\োⅾὄG

[2013/09/12 00:23:45 | 097,238,077 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\␦蝇ὄ

[2013/09/11 18:23:42 | 097,238,077 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\␦蝇ὄ

[2013/09/11 12:23:40 | 097,171,315 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\鈵䯺ὄ

[2013/09/11 00:23:46 | 097,171,315 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\鈵䯺ὄ

[2013/09/10 09:49:35 | 096,985,259 | ---- | M] ()(C:\Windows\SysWow64\???¨) -- C:\Windows\SysWow64\環ὄ¨

[2013/09/09 21:48:57 | 096,985,259 | ---- | C] ()(C:\Windows\SysWow64\???¨) -- C:\Windows\SysWow64\環ὄ¨

[2013/09/06 21:07:02 | 096,496,803 | ---- | M] ()(C:\Windows\SysWow64\???H) -- C:\Windows\SysWow64\ꨅフḼH

[2013/09/06 21:07:02 | 096,496,803 | ---- | C] ()(C:\Windows\SysWow64\???H) -- C:\Windows\SysWow64\ꨅフḼH

[2013/09/06 07:05:58 | 096,334,488 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\݌䡿Ḽ

[2013/09/05 18:43:30 | 096,334,488 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\݌䡿Ḽ

[2013/09/04 07:53:42 | 095,863,165 | ---- | M] ()(C:\Windows\SysWow64\???F) -- C:\Windows\SysWow64\믾❫ḼF

[2013/09/04 07:53:42 | 095,863,165 | ---- | C] ()(C:\Windows\SysWow64\???F) -- C:\Windows\SysWow64\믾❫ḼF

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >

#3 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 11 April 2014 - 05:35 AM

Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

The fixes are specific to your problem and should only be used for the issues on this machine.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

Having said that.... Let's get going!!
----------

It seems that you have ran ComboFix already as well? Could you go to C:\ComboFix.txt and post that text file please?
-------------

FRST

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
----------

#4 Bperkins7468

Authentic Member

Authentic Member
92 posts

Posted 11 April 2014 - 02:58 PM

ComboFix 14-04-09.02 - Byron 04/11/2014 13:36:12.11.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.1930 [GMT -7:00]

Running from: c:\users\Byron\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

((((((((((((((((((((((((( Files Created from 2014-03-11 to 2014-04-11 )))))))))))))))))))))))))))))))

2014-04-11 20:46 . 2014-04-11 20:46 -------- d-----w- c:\users\Public\AppData\Local\temp

2014-04-11 20:46 . 2014-04-11 20:46 -------- d-----w- c:\users\Guest\AppData\Local\temp

2014-04-11 20:46 . 2014-04-11 20:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-04-10 04:11 . 2014-04-10 04:12 -------- d-----w- c:\users\Byron\AppData\Local\Amazon Cloud Player

2014-04-09 04:20 . 2014-03-31 01:16 23134208 ----a-w- c:\windows\system32\mshtml.dll

2014-04-09 04:20 . 2014-03-31 01:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb

2014-04-09 04:20 . 2014-03-31 00:13 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb

2014-04-07 18:04 . 2014-04-07 18:04 43152 ----a-w- c:\windows\avastSS.scr

2014-03-22 01:11 . 2012-05-05 02:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2014-03-22 01:11 . 2012-05-05 02:29 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2014-03-21 21:17 . 2014-03-21 21:17 -------- d-----w- c:\program files (x86)\VS Revo Group

2014-03-21 21:16 . 2014-03-21 21:16 -------- d-----w- c:\users\Byron\AppData\Local\SearchProtect

2014-03-19 06:21 . 2014-03-19 06:21 -------- d-----w- c:\users\Byron\AppData\Roaming\Optimizer Pro

2014-03-19 06:21 . 2014-04-01 22:13 -------- d-----w- c:\program files (x86)\Optimizer Pro

2014-03-18 20:14 . 2014-03-18 20:15 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2014

2014-03-18 20:11 . 2014-03-18 20:42 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}

2014-03-18 19:53 . 2014-03-18 19:53 -------- d-----w- c:\programdata\Logs

2014-03-18 19:13 . 2014-03-18 19:29 -------- d-----w- c:\users\Byron\AppData\Roaming\Nero

2014-03-18 19:03 . 2014-03-18 19:11 -------- d-----w- c:\program files (x86)\Nero

2014-03-18 08:57 . 2014-03-18 08:57 -------- d-----w- c:\users\Byron\AppData\Roaming\IObit

2014-03-18 08:57 . 2014-03-18 08:57 -------- d-----w- c:\program files (x86)\Evonsoft Computer Repair

2014-03-18 03:34 . 2014-03-18 03:34 -------- d-----w- c:\users\Byron\AppData\Roaming\Ahead

2014-03-17 05:13 . 2002-01-05 14:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll

2014-03-17 05:13 . 1998-06-18 08:00 89360 ----a-w- c:\windows\SysWow64\VB5DB.DLL

2014-03-16 01:09 . 2014-03-16 01:09 -------- d-----w- c:\users\Byron\AppData\Roaming\AVAST Software

2014-03-16 01:08 . 2014-04-07 18:04 84816 ----a-w- c:\windows\system32\drivers\aswStm.sys

2014-03-16 01:08 . 2014-04-07 18:04 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-03-16 01:08 . 2014-04-07 18:04 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-03-16 01:08 . 2014-04-07 18:04 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2014-03-16 01:08 . 2014-04-07 18:04 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-03-16 01:08 . 2014-04-07 18:04 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys

2014-03-16 01:08 . 2014-04-07 18:04 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-03-16 01:08 . 2014-04-07 18:04 334648 ----a-w- c:\windows\system32\aswBoot.exe

2014-03-16 01:07 . 2014-03-16 01:07 -------- d-----w- c:\program files\AVAST Software

2014-03-16 01:06 . 2014-03-16 01:06 -------- d-----w- c:\programdata\AVAST Software

2014-03-13 07:51 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll

2014-03-13 07:51 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll

2014-03-13 07:51 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll

2014-03-13 07:50 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys

2014-03-13 07:45 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

2014-03-13 07:45 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll

2014-03-13 07:45 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll

2014-03-13 07:45 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-04-09 10:02 . 2011-05-01 03:52 90655440 ----a-w- c:\windows\system32\MRT.exe

2014-03-16 23:35 . 2011-07-22 03:36 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2014-03-16 23:35 . 2011-07-22 03:35 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2014-03-16 23:34 . 2011-07-22 03:35 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2014-03-16 23:34 . 2011-08-15 17:45 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2014-03-12 15:17 . 2012-04-04 07:39 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-03-12 15:17 . 2011-09-16 01:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-03-12 15:17 . 2014-03-12 15:17 5777288 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2014-03-04 09:17 . 2014-04-09 04:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2014-03-03 21:13 . 2014-02-13 22:19 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2014-02-20 00:24 . 2014-02-20 00:24 119808 ----a-r- c:\users\Byron\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe

2014-01-30 00:42 . 2014-01-30 00:42 507904 ----a-r- c:\windows\SysWow64\btwapi.dll

2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll

2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2014-03-03 21:13 3461144 ----a-w- c:\program files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll" [2014-03-03 3461144]

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BackgroundContainer"="c:\users\Byron\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2013-11-06 319264]

"Amazon Cloud Player"="c:\users\Byron\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2014-03-07 3168576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-07 3854640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SpUninstallDeleteDir"="rmdir" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"RequireSignedAppInit_DLLs"=0 (0x0)

"LoadAppInit_Dlls"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]

2000-03-22 10:45 3054136 ----a-w- c:\windows\AsScrPro.exe

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

R1 ehdrv;ehdrv; [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 eamonm;eamonm; [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]

R3 DIRECTIO;DIRECTIO; [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 massfilter;Mass Storage Filter Driver; [x]

R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver; [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbgps.sys [x]

R3 ZTEusbMB;ZTE NMEAExt2 Port; [x]

R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbwwan.sys [x]

R4 avgfws;AVG Firewall; [x]

R4 AVGIDSAgent;AVGIDSAgent; [x]

R4 AVGIDSDriver;AVGIDSDriver; [x]

R4 AVGIDSHA;AVGIDSHA; [x]

R4 Avgrkx64;AVG Anti-Rootkit Driver; [x]

R4 Avgtdia;AVG TDI Driver; [x]

R4 avgwd;AVG WatchDog; [x]

R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]

R4 vToolbarUpdater18.0.0;vToolbarUpdater18.0.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]

S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe;c:\program files (x86)\Workspace\offSyncService.exe [x]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]

S2 RIM MDNS;RIM MDNS;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [x]

S2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service [x]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]

S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]

S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]

S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\Drivers\rimvndis6_AMD64.sys;c:\windows\SYSNATIVE\Drivers\rimvndis6_AMD64.sys [x]

S3 tmobile_mf691_dc_enum;tmobile_mf691_dc_enum;c:\windows\system32\DRIVERS\tmobile_mf691_dc_enum.sys;c:\windows\SYSNATIVE\DRIVERS\tmobile_mf691_dc_enum.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]

Contents of the 'Scheduled Tasks' folder

2014-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:17]

2014-03-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core.job

- c:\users\Byron\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-27 18:39]

2014-03-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA.job

- c:\users\Byron\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-27 18:39]

2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 05:29]

2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 05:29]

2014-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core.job

- c:\users\Byron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-03 19:44]

2014-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA.job

- c:\users\Byron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-03 19:44]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-04-07 18:04 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

------- Supplementary Scan -------

uStart Page = hxxp://google.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll

FF - ProfilePath - c:\users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\lbefp8bo.default\

FF - prefs.js: browser.search.selectedEngine - Conduit Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP6B97143B-82C1-4CBF-938B-534D73AE67ED&SSPV=

FF - ExtSQL: 2014-03-01 10:26; {2ff5898b-2f88-497e-9b32-fa8cf959fbf9}; c:\program files (x86)\Re-markit-soft\155.xpi

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

BHO-{93DBF2BB-A2B3-4683-A92E-57E60751F346} - (no file)

ShellIconOverlayIdentifiers-{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} - (no file)

ShellIconOverlayIdentifiers-{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} - (no file)

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"=hex:51,66,7a,6c,4c,1d,38,12,c4,f1,d4,

8c,0d,b7,42,06,f0,18,f4,98,5c,39,e1,33

"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,

07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,

38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,

fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42

"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,

51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

"{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}"=hex:51,66,7a,6c,4c,1d,3b,1b,64,9a,52,

54,75,5c,8a,34,aa,62,82,42,ba,d5,f4,71

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.12"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

------------------------ Other Running Processes ------------------------

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe

c:\windows\SysWOW64\Rundll32.exe

**************************************************************************

Completion time: 2014-04-11 13:57:15 - machine was rebooted

ComboFix-quarantined-files.txt 2014-04-11 20:57

ComboFix2.txt 2013-12-16 01:49

ComboFix3.txt 2013-12-16 01:05

ComboFix4.txt 2012-08-17 19:25

ComboFix5.txt 2014-01-01 06:45

Pre-Run: 53,168,803,840 bytes free

Post-Run: 53,101,735,936 bytes free

- - End Of File - - C81193F7EDDB87E1627F2BFD5A19E086

A36C5E4F47E84449FF07ED3517B43A31

#5 Bperkins7468

Authentic Member

Authentic Member
92 posts

Posted 11 April 2014 - 03:06 PM

Addition.txt 47.57KB 261 downloadsHi Jeff!

Thanks for replying to my post! I appreciate your help! Here's my FRST txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-04-2014
Ran by Byron (administrator) on BYRON-PC on 11-04-2014 14:02:06
Running from C:\Users\Byron\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\java.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-07] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3700817450-263443993-1340972289-1000\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Byron\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-3700817450-263443993-1340972289-1000\...\Run: [Amazon Cloud Player] - C:\Users\Byron\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-3700817450-263443993-1340972289-1000\...\Policies\Explorer: [NoInstrumentation] 1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA3B23407861ECC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1024417699&ir=
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 - DefaultScope {D3245D6C-6383-4823-9EF2-FA463514A51C} URL =
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...7-025031DC0501}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKCU - {9E94E40B-C742-41CB-BAC0-BD5D590DCCA5} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {B4D84896-6918-41DD-B848-1268BE62AF29} URL = https://www.google.c...q={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - No File
BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - No File
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\lbefp8bo.default
FF user.js: detected! => C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\lbefp8bo.default\user.js
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP6B97143B-82C1-4CBF-938B-534D73AE67ED&SSPV=
FF NewTab: hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP6B97143B-82C1-4CBF-938B-534D73AE67ED
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Byron\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @starfield.com/off - C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/off64 - C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe - C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKCU: @starfield.com/wbe64 - C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Byron\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Byron\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Byron\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Byron\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Byron\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Byron\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Byron\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
FF SearchPlugin: C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\lbefp8bo.default\searchplugins\conduit-search.xml
FF Extension: WBE Paste - C:\Users\Byron\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2011-06-14]
FF Extension: Workspace Email Zoom - C:\Users\Byron\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2011-06-14]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.0.248
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.0.248 [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-15]

Chrome:
=======
CHR Extension: (avast! Online Security) - C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-31]
CHR Extension: (Google Wallet) - C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Byron\AppData\Local\funmoods.crx [2013-08-30]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Byron\AppData\Local\funmoods-speeddial_sf.crx [2013-08-30]
CHR HKCU\...\Chrome\Extension: [medkndcadfefmiifpnlapbeoajnjiahj] - C:\Users\Byron\AppData\Local\CRE\medkndcadfefmiifpnlapbeoajnjiahj.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [apgjagobplilmcdfelodhgefiidomnfl] - C:\Program Files (x86)\Inbox Toolbar\Chrome\ibxtoolbar_chr.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-07]
CHR HKLM-x32\...\Chrome\Extension: [medkndcadfefmiifpnlapbeoajnjiahj] - C:\Users\Byron\AppData\Local\CRE\medkndcadfefmiifpnlapbeoajnjiahj.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Byron\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\\ChromeExt\\avg.crx [2013-12-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S4 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-07] (AVAST Software)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-10-25] (PC Tools)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2014-01-22] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1309696 2014-01-22] (Research In Motion Limited)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-13] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-13] (Secunia)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software)
S4 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [1759768 2014-03-03] (AVG Secure Search)
S4 avgfws; No ImagePath
S4 AVGIDSAgent; No ImagePath
S4 avgwd; No ImagePath

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-07] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-07] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
S4 AVGIDSDriver; No ImagePath
S4 AVGIDSHA; No ImagePath
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
S4 Avgrkx64; No ImagePath
S4 Avgtdia; No ImagePath
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-03] (AVG Technologies)
S3 catchme; No ImagePath
S3 DIRECTIO; No ImagePath
S2 eamonm; No ImagePath
S1 ehdrv; No ImagePath
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 massfilter; No ImagePath
S3 PCTINDIS5X64; No ImagePath
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-04-26] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R3 tmobile_mf691_dc_enum; C:\Windows\System32\DRIVERS\tmobile_mf691_dc_enum.sys [75776 2010-04-09] (T-Mobile)
S3 TuneUpUtilitiesDrv; No ImagePath
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S3 ZTEusbgps; C:\Windows\System32\DRIVERS\ZTEusbgps.sys [123520 2010-12-08] (ZTE Incorporated)
S3 ZTEusbMB; No ImagePath
S3 ZTEusbmdm6k; No ImagePath
S3 ZTEusbnmea; No ImagePath
S3 ZTEusbser6k; No ImagePath
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [235008 2011-04-09] (ZTE Incorporated)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-11 14:02 - 2014-04-11 14:02 - 00019365 _____ () C:\Users\Byron\Downloads\FRST.txt
2014-04-11 14:01 - 2014-04-11 14:02 - 00000000 ____D () C:\FRST
2014-04-11 14:00 - 2014-04-11 14:00 - 02157056 _____ (Farbar) C:\Users\Byron\Downloads\FRST64.exe
2014-04-11 13:57 - 2014-04-11 13:57 - 00027825 _____ () C:\ComboFix.txt
2014-04-11 13:57 - 2014-04-11 13:57 - 00001404 _____ () C:\Users\Byron\Downloads\agent (3).jnlp
2014-04-11 13:32 - 2014-04-11 13:32 - 05196025 ____R (Swearware) C:\Users\Byron\Downloads\ComboFix.exe
2014-04-11 12:11 - 2014-04-11 12:11 - 01056256 _____ () C:\Users\Byron\Desktop\NFL_ST_PROFIT_CALCULATOR.xls
2014-04-11 08:29 - 2014-04-11 08:29 - 00001404 _____ () C:\Users\Byron\Downloads\agent (2).jnlp
2014-04-11 08:29 - 2014-04-11 08:29 - 00001404 _____ () C:\Users\Byron\Downloads\agent (1).jnlp
2014-04-11 01:19 - 2014-04-11 01:27 - 525038428 ____R () C:\Users\Byron\Downloads\The.Amazing.Race.S24E06.HDTV.x264-LOL.mp4
2014-04-11 01:19 - 2014-04-11 01:19 - 00020502 _____ () C:\Users\Byron\Downloads\[kickass.to]the.amazing.race.s24e06.hdtv.x264.lol.eztv.torrent
2014-04-10 23:14 - 2014-04-10 23:14 - 00009606 _____ () C:\Users\Byron\Downloads\[kickass.to]the.blacklist.s01e18.hdtv.x264.lol.eztv.torrent
2014-04-10 23:12 - 2014-04-10 23:12 - 00045113 _____ () C:\Users\Byron\Downloads\[kickass.to]the.voice.s06e13.hdtv.x264.2hd.ettv.torrent
2014-04-10 23:12 - 2014-04-10 23:12 - 00027753 _____ () C:\Users\Byron\Downloads\[kickass.to]the.voice.s06e14.hdtv.x264.2hd.ettv.torrent
2014-04-10 23:12 - 2014-04-10 23:12 - 00000000 ____D () C:\Users\Byron\Downloads\The Voice S06E14 HDTV x264-2HD[ettv]
2014-04-10 23:12 - 2014-04-10 23:12 - 00000000 ____D () C:\Users\Byron\Downloads\The Voice S06E13 HDTV x264-2HD[ettv]
2014-04-10 23:11 - 2014-04-10 23:11 - 00025443 _____ () C:\Users\Byron\Downloads\[kickass.to]vikings.s02e07.hdtv.x264.excellence.ettv.torrent
2014-04-10 08:16 - 2014-04-10 08:16 - 00001404 _____ () C:\Users\Byron\Downloads\agent.jnlp
2014-04-09 22:10 - 2014-04-09 22:10 - 00000000 ____D () C:\Users\Byron\Documents\BLACKBERRY-C16E
2014-04-09 21:11 - 2014-04-09 21:12 - 00000000 ____D () C:\Users\Byron\AppData\Local\Amazon Cloud Player
2014-04-09 21:11 - 2014-04-09 21:11 - 00001212 _____ () C:\Users\Byron\Desktop\Amazon Cloud Player.lnk
2014-04-09 21:11 - 2014-04-09 21:11 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-04-09 21:10 - 2014-04-09 21:11 - 36335656 _____ (Amazon) C:\Users\Byron\Downloads\AmazonCloudPlayerInstaller_r26.exe
2014-04-08 21:20 - 2014-03-30 18:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-08 21:20 - 2014-03-30 18:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-08 21:20 - 2014-03-30 17:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-08 21:20 - 2014-03-30 16:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-08 21:19 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 21:19 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 21:19 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 21:19 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 21:19 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 21:19 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 21:19 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 21:19 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 21:19 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 21:19 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 21:19 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 21:19 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-08 21:19 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-08 21:19 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-08 21:19 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-08 21:19 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 21:19 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 11:04 - 2014-04-07 11:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-06 23:50 - 2014-04-06 23:50 - 03930783 _____ () C:\Users\Byron\Downloads\OnlineScanner.cab
2014-04-06 21:56 - 2014-04-06 21:56 - 00184282 _____ () C:\Users\Byron\Downloads\OTL.Txt
2014-04-06 21:41 - 2014-04-06 21:41 - 00602112 _____ (OldTimer Tools) C:\Users\Byron\Downloads\OTL.exe
2014-04-04 04:29 - 2014-04-11 13:47 - 00001700 _____ () C:\Windows\PFRO.log
2014-04-03 00:06 - 2014-04-03 00:06 - 00000875 _____ () C:\Users\Byron\Desktop\BitTorrent.lnk
2014-04-03 00:06 - 2014-04-03 00:06 - 00000855 _____ () C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-04-03 00:04 - 2014-04-03 00:04 - 01615960 _____ (BitTorrent Inc.) C:\Users\Byron\Downloads\bittorrent (1).exe
2014-04-02 02:22 - 2014-04-11 13:48 - 00003198 _____ () C:\Windows\setupact.log
2014-04-02 02:22 - 2014-04-02 02:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-01 15:23 - 2014-04-01 15:23 - 00225686 _____ () C:\Users\Byron\Desktop\Internet is extremely slow - Browsers, Internet and email.htm
2014-04-01 15:23 - 2014-04-01 15:23 - 00000000 ____D () C:\Users\Byron\Desktop\Internet is extremely slow - Browsers, Internet and email_files
2014-04-01 10:22 - 2014-04-09 16:27 - 00112084 _____ () C:\Users\Byron\Desktop\Food 3 27 14.xlsx
2014-03-31 22:43 - 2014-03-31 22:43 - 01615960 _____ (BitTorrent Inc.) C:\Users\Byron\Downloads\bittorrent.exe
2014-03-30 23:40 - 2014-03-30 23:40 - 00422256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-30 17:26 - 2014-03-30 17:27 - 06228992 _____ () C:\Users\Byron\Desktop\ACN_Comp.ppt
2014-03-30 17:12 - 2014-03-30 17:21 - 00000000 ____D () C:\Users\Byron\Desktop\Tools in Spanish
2014-03-29 02:00 - 2014-03-29 02:00 - 00110088 _____ () C:\Users\Byron\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-27 16:50 - 2014-04-10 17:08 - 00013023 _____ () C:\Users\Byron\Desktop\Pipeline Report (2).xlsx
2014-03-26 17:01 - 2014-04-10 17:03 - 00010155 _____ () C:\Users\Byron\Desktop\Byron Perkins Sales Chart (2).xlsx
2014-03-25 19:55 - 2014-03-25 19:55 - 08407552 _____ () C:\Users\Byron\Desktop\Powerpoint Presentation 2.pps
2014-03-21 18:11 - 2012-05-04 19:29 - 00772504 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2014-03-21 18:11 - 2012-05-04 19:29 - 00687504 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-03-21 14:17 - 2014-03-21 14:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-21 14:16 - 2014-03-21 14:16 - 00000000 ____D () C:\Users\Byron\AppData\Local\SearchProtect
2014-03-19 08:18 - 2014-03-25 17:04 - 00117630 _____ () C:\Users\Byron\Desktop\Mar14 Leads..xlsx
2014-03-19 08:17 - 2014-03-25 17:03 - 00010136 _____ () C:\Users\Byron\Desktop\Byron Perkins Sales Chart.xlsx
2014-03-18 23:21 - 2014-04-01 15:13 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-03-18 23:21 - 2014-03-18 23:21 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Optimizer Pro
2014-03-18 13:15 - 2014-03-18 13:15 - 00002211 _____ () C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
2014-03-18 13:15 - 2014-03-18 13:15 - 00002185 _____ () C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
2014-03-18 13:14 - 2014-03-18 13:15 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-03-18 13:11 - 2014-03-18 13:42 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-03-18 12:13 - 2014-03-18 12:29 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Nero
2014-03-18 12:12 - 2014-03-18 12:12 - 00000000 ____D () C:\Windows\System32\Tasks\Nero
2014-03-18 12:03 - 2014-03-18 12:11 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-03-18 02:02 - 2014-03-18 02:02 - 00000000 ____D () C:\Users\Byron\Documents\Optimizer Pro
2014-03-18 01:57 - 2014-03-18 01:57 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\IObit
2014-03-18 01:57 - 2014-03-18 01:57 - 00000000 ____D () C:\Program Files (x86)\Evonsoft Computer Repair
2014-03-17 20:34 - 2014-03-17 20:34 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Ahead
2014-03-17 13:43 - 2014-03-18 01:50 - 00000000 ____D () C:\Users\Byron\Downloads\Brain Sync - Attract Wealth
2014-03-16 22:13 - 2002-01-05 07:37 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2014-03-16 22:13 - 1998-06-18 01:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL
2014-03-16 16:55 - 2014-03-16 16:56 - 00000000 ____D () C:\Users\Byron\Downloads\Cheetah DVD Burner 2.51 + Serial-[HB]
2014-03-15 18:09 - 2014-03-15 18:09 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\AVAST Software
2014-03-15 18:08 - 2014-04-07 11:04 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-15 18:08 - 2014-04-07 11:04 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-15 18:08 - 2014-04-07 11:04 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-15 18:08 - 2014-04-07 11:04 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-15 18:07 - 2014-03-15 18:07 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-15 18:06 - 2014-03-15 18:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-13 00:54 - 2014-02-28 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 00:54 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 00:54 - 2014-02-28 21:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 00:54 - 2014-02-28 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 00:54 - 2014-02-28 21:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 00:54 - 2014-02-28 21:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 00:54 - 2014-02-28 21:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 00:54 - 2014-02-28 21:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 00:54 - 2014-02-28 21:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 00:54 - 2014-02-28 21:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 00:54 - 2014-02-28 21:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 00:54 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 00:54 - 2014-02-28 21:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 00:54 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 00:54 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 00:54 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 00:54 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 00:54 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 00:54 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 00:54 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 00:54 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 00:54 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 00:54 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 00:54 - 2014-02-28 20:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 00:54 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 00:54 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 00:54 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 00:54 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 00:54 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 00:54 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 00:54 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 00:54 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 00:54 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 00:54 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 00:54 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 00:54 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 00:51 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 00:51 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 00:51 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 00:50 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 00:45 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 00:45 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 00:45 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 00:45 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 08:45 - 2014-03-12 08:45 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-12 08:45 - 2014-03-12 08:45 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-12 08:17 - 2014-03-12 08:17 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

2014-04-11 14:02 - 2014-04-11 14:02 - 00019365 _____ () C:\Users\Byron\Downloads\FRST.txt
2014-04-11 14:02 - 2014-04-11 14:01 - 00000000 ____D () C:\FRST
2014-04-11 14:00 - 2014-04-11 14:00 - 02157056 _____ (Farbar) C:\Users\Byron\Downloads\FRST64.exe
2014-04-11 13:57 - 2014-04-11 13:57 - 00027825 _____ () C:\ComboFix.txt
2014-04-11 13:57 - 2014-04-11 13:57 - 00001404 _____ () C:\Users\Byron\Downloads\agent (3).jnlp
2014-04-11 13:57 - 2012-04-17 08:17 - 00000000 ____D () C:\Qoobox
2014-04-11 13:55 - 2009-07-13 21:45 - 00010240 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-11 13:55 - 2009-07-13 21:45 - 00010240 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-11 13:54 - 2000-03-22 03:27 - 01612114 _____ () C:\Windows\WindowsUpdate.log
2014-04-11 13:49 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-11 13:48 - 2014-04-02 02:22 - 00003198 _____ () C:\Windows\setupact.log
2014-04-11 13:48 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-11 13:47 - 2014-04-04 04:29 - 00001700 _____ () C:\Windows\PFRO.log
2014-04-11 13:32 - 2014-04-11 13:32 - 05196025 ____R (Swearware) C:\Users\Byron\Downloads\ComboFix.exe
2014-04-11 13:30 - 2012-09-16 15:32 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\BitTorrent
2014-04-11 13:17 - 2012-04-04 00:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-11 12:11 - 2014-04-11 12:11 - 01056256 _____ () C:\Users\Byron\Desktop\NFL_ST_PROFIT_CALCULATOR.xls
2014-04-11 08:29 - 2014-04-11 08:29 - 00001404 _____ () C:\Users\Byron\Downloads\agent (2).jnlp
2014-04-11 08:29 - 2014-04-11 08:29 - 00001404 _____ () C:\Users\Byron\Downloads\agent (1).jnlp
2014-04-11 01:27 - 2014-04-11 01:19 - 525038428 ____R () C:\Users\Byron\Downloads\The.Amazing.Race.S24E06.HDTV.x264-LOL.mp4
2014-04-11 01:19 - 2014-04-11 01:19 - 00020502 _____ () C:\Users\Byron\Downloads\[kickass.to]the.amazing.race.s24e06.hdtv.x264.lol.eztv.torrent
2014-04-10 23:14 - 2014-04-10 23:14 - 00009606 _____ () C:\Users\Byron\Downloads\[kickass.to]the.blacklist.s01e18.hdtv.x264.lol.eztv.torrent
2014-04-10 23:12 - 2014-04-10 23:12 - 00045113 _____ () C:\Users\Byron\Downloads\[kickass.to]the.voice.s06e13.hdtv.x264.2hd.ettv.torrent
2014-04-10 23:12 - 2014-04-10 23:12 - 00027753 _____ () C:\Users\Byron\Downloads\[kickass.to]the.voice.s06e14.hdtv.x264.2hd.ettv.torrent
2014-04-10 23:12 - 2014-04-10 23:12 - 00000000 ____D () C:\Users\Byron\Downloads\The Voice S06E14 HDTV x264-2HD[ettv]
2014-04-10 23:12 - 2014-04-10 23:12 - 00000000 ____D () C:\Users\Byron\Downloads\The Voice S06E13 HDTV x264-2HD[ettv]
2014-04-10 23:11 - 2014-04-10 23:11 - 00025443 _____ () C:\Users\Byron\Downloads\[kickass.to]vikings.s02e07.hdtv.x264.excellence.ettv.torrent
2014-04-10 17:10 - 2011-06-24 23:24 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\vlc
2014-04-10 17:08 - 2014-03-27 16:50 - 00013023 _____ () C:\Users\Byron\Desktop\Pipeline Report (2).xlsx
2014-04-10 17:03 - 2014-03-26 17:01 - 00010155 _____ () C:\Users\Byron\Desktop\Byron Perkins Sales Chart (2).xlsx
2014-04-10 08:16 - 2014-04-10 08:16 - 00001404 _____ () C:\Users\Byron\Downloads\agent.jnlp
2014-04-09 22:40 - 2009-07-13 22:13 - 00006522 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-09 22:10 - 2014-04-09 22:10 - 00000000 ____D () C:\Users\Byron\Documents\BLACKBERRY-C16E
2014-04-09 21:51 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-04-09 21:12 - 2014-04-09 21:11 - 00000000 ____D () C:\Users\Byron\AppData\Local\Amazon Cloud Player
2014-04-09 21:11 - 2014-04-09 21:11 - 00001212 _____ () C:\Users\Byron\Desktop\Amazon Cloud Player.lnk
2014-04-09 21:11 - 2014-04-09 21:11 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-04-09 21:11 - 2014-04-09 21:10 - 36335656 _____ (Amazon) C:\Users\Byron\Downloads\AmazonCloudPlayerInstaller_r26.exe
2014-04-09 16:27 - 2014-04-01 10:22 - 00112084 _____ () C:\Users\Byron\Desktop\Food 3 27 14.xlsx
2014-04-09 03:07 - 2011-04-30 00:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 03:05 - 2013-07-28 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 03:02 - 2011-04-30 20:52 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 18:54 - 2012-08-26 23:40 - 03742208 ___SH () C:\Users\Byron\Desktop\Thumbs.db
2014-04-07 11:04 - 2014-04-07 11:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-07 11:04 - 2014-03-15 18:08 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-07 11:04 - 2014-03-15 18:08 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-07 11:04 - 2014-03-15 18:08 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-07 11:04 - 2014-03-15 18:08 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-06 23:50 - 2014-04-06 23:50 - 03930783 _____ () C:\Users\Byron\Downloads\OnlineScanner.cab
2014-04-06 21:56 - 2014-04-06 21:56 - 00184282 _____ () C:\Users\Byron\Downloads\OTL.Txt
2014-04-06 21:41 - 2014-04-06 21:41 - 00602112 _____ (OldTimer Tools) C:\Users\Byron\Downloads\OTL.exe
2014-04-06 21:20 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-03 00:06 - 2014-04-03 00:06 - 00000875 _____ () C:\Users\Byron\Desktop\BitTorrent.lnk
2014-04-03 00:06 - 2014-04-03 00:06 - 00000855 _____ () C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-04-03 00:04 - 2014-04-03 00:04 - 01615960 _____ (BitTorrent Inc.) C:\Users\Byron\Downloads\bittorrent (1).exe
2014-04-02 02:22 - 2014-04-02 02:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-01 15:23 - 2014-04-01 15:23 - 00225686 _____ () C:\Users\Byron\Desktop\Internet is extremely slow - Browsers, Internet and email.htm
2014-04-01 15:23 - 2014-04-01 15:23 - 00000000 ____D () C:\Users\Byron\Desktop\Internet is extremely slow - Browsers, Internet and email_files
2014-04-01 15:13 - 2014-03-18 23:21 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-04-01 15:13 - 2013-11-11 19:33 - 00000000 ____D () C:\Users\Byron\AppData\Local\NativeMessaging
2014-04-01 15:13 - 2012-07-01 17:58 - 00000000 ____D () C:\Users\Byron\AppData\Local\Conduit
2014-03-31 22:43 - 2014-03-31 22:43 - 01615960 _____ (BitTorrent Inc.) C:\Users\Byron\Downloads\bittorrent.exe
2014-03-31 17:47 - 2013-02-12 00:43 - 00000000 ___RD () C:\Users\Byron\Desktop\Jim Rohn
2014-03-31 12:00 - 2011-06-21 12:40 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Dropbox
2014-03-30 23:42 - 2011-06-21 12:44 - 00000000 ___RD () C:\Users\Byron\Dropbox
2014-03-30 23:42 - 2011-04-29 19:50 - 00000000 ___RD () C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-30 23:40 - 2014-03-30 23:40 - 00422256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-30 18:16 - 2014-04-08 21:20 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 18:13 - 2014-04-08 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 17:27 - 2014-03-30 17:26 - 06228992 _____ () C:\Users\Byron\Desktop\ACN_Comp.ppt
2014-03-30 17:21 - 2014-03-30 17:12 - 00000000 ____D () C:\Users\Byron\Desktop\Tools in Spanish
2014-03-30 17:13 - 2014-04-08 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 16:57 - 2014-04-08 21:20 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-29 02:00 - 2014-03-29 02:00 - 00110088 _____ () C:\Users\Byron\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-25 19:55 - 2014-03-25 19:55 - 08407552 _____ () C:\Users\Byron\Desktop\Powerpoint Presentation 2.pps
2014-03-25 17:04 - 2014-03-19 08:18 - 00117630 _____ () C:\Users\Byron\Desktop\Mar14 Leads..xlsx
2014-03-25 17:03 - 2014-03-19 08:17 - 00010136 _____ () C:\Users\Byron\Desktop\Byron Perkins Sales Chart.xlsx
2014-03-21 16:06 - 2011-04-29 19:50 - 00000000 ____D () C:\Users\Byron
2014-03-21 15:19 - 2012-03-17 16:46 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-21 15:12 - 2011-12-31 07:15 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-21 14:17 - 2014-03-21 14:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-21 14:16 - 2014-03-21 14:16 - 00000000 ____D () C:\Users\Byron\AppData\Local\SearchProtect
2014-03-20 22:49 - 2012-09-03 10:08 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA.job
2014-03-20 22:49 - 2012-09-03 10:07 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core.job
2014-03-20 22:47 - 2012-09-03 10:08 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA
2014-03-20 22:47 - 2012-09-03 10:08 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core
2014-03-20 22:28 - 2012-11-26 23:19 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA.job
2014-03-20 22:28 - 2012-11-26 23:19 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core.job
2014-03-19 20:24 - 2000-03-22 03:45 - 00003070 _____ () C:\Windows\System32\Tasks\ACMON
2014-03-19 20:19 - 2011-04-29 22:19 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-03-19 20:19 - 2011-04-29 22:19 - 00000000 ____D () C:\Program Files\WinRAR
2014-03-19 20:13 - 2011-04-29 20:26 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Adobe
2014-03-19 20:13 - 2011-04-29 20:26 - 00000000 ____D () C:\Users\Byron\AppData\Local\Adobe
2014-03-18 23:21 - 2014-03-18 23:21 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Optimizer Pro
2014-03-18 23:15 - 2000-03-22 03:46 - 00003092 _____ () C:\Windows\System32\Tasks\WC3
2014-03-18 23:15 - 2000-03-22 03:45 - 00003112 _____ () C:\Windows\System32\Tasks\ASUSControlDeck
2014-03-18 23:15 - 2000-03-22 03:45 - 00003042 _____ () C:\Windows\System32\Tasks\ASUS P4G
2014-03-18 23:15 - 2000-03-22 03:45 - 00003004 _____ () C:\Windows\System32\Tasks\ASUS Live Update
2014-03-18 23:15 - 2000-03-22 03:45 - 00002988 _____ () C:\Windows\System32\Tasks\ASUS SmartLogon Console Sensor
2014-03-18 23:11 - 2012-11-26 23:19 - 00003916 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA
2014-03-18 23:11 - 2012-11-26 23:19 - 00003548 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core
2014-03-18 21:44 - 2012-01-08 22:30 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-18 21:44 - 2012-01-08 22:30 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-18 13:42 - 2014-03-18 13:11 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-03-18 13:42 - 2012-04-15 10:50 - 00000000 ____D () C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2014-03-18 13:42 - 2012-04-08 09:58 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\HpUpdate
2014-03-18 13:42 - 2012-03-11 01:29 - 00000000 ____D () C:\Users\Byron\AppData\Local\Downloaded Installations
2014-03-18 13:42 - 2012-02-14 18:58 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2014-03-18 13:42 - 2011-04-30 01:39 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-03-18 13:42 - 2011-04-30 00:39 - 00000000 ____D () C:\Users\Byron\AppData\Local\Microsoft Help
2014-03-18 13:34 - 2012-01-08 22:30 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-18 13:34 - 2012-01-08 22:30 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-18 13:17 - 2011-12-13 20:55 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-03-18 13:15 - 2014-03-18 13:15 - 00002211 _____ () C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
2014-03-18 13:15 - 2014-03-18 13:15 - 00002185 _____ () C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
2014-03-18 13:15 - 2014-03-18 13:14 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-03-18 13:14 - 2011-12-13 20:57 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\TuneUp Software
2014-03-18 12:29 - 2014-03-18 12:13 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Nero
2014-03-18 12:25 - 2000-03-22 03:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-18 12:12 - 2014-03-18 12:12 - 00000000 ____D () C:\Windows\System32\Tasks\Nero
2014-03-18 12:11 - 2014-03-18 12:03 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-03-18 12:06 - 2011-04-29 22:29 - 00000000 ____D () C:\ProgramData\Nero
2014-03-18 11:39 - 2014-03-02 23:42 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2014-03-18 02:02 - 2014-03-18 02:02 - 00000000 ____D () C:\Users\Byron\Documents\Optimizer Pro
2014-03-18 01:57 - 2014-03-18 01:57 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\IObit
2014-03-18 01:57 - 2014-03-18 01:57 - 00000000 ____D () C:\Program Files (x86)\Evonsoft Computer Repair
2014-03-18 01:50 - 2014-03-17 13:43 - 00000000 ____D () C:\Users\Byron\Downloads\Brain Sync - Attract Wealth
2014-03-17 20:34 - 2014-03-17 20:34 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Ahead
2014-03-16 23:21 - 2011-05-01 01:33 - 00000000 ____D () C:\Windows\pss
2014-03-16 16:56 - 2014-03-16 16:55 - 00000000 ____D () C:\Users\Byron\Downloads\Cheetah DVD Burner 2.51 + Serial-[HB]
2014-03-16 16:36 - 2014-03-07 23:23 - 00000000 ____D () C:\Users\Byron\AppData\Local\Ahead
2014-03-15 21:13 - 2011-04-30 01:57 - 00000000 ____D () C:\Users\Byron\Documents\BlackBerry
2014-03-15 18:09 - 2014-03-15 18:09 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\AVAST Software
2014-03-15 18:07 - 2014-03-15 18:07 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-15 18:06 - 2014-03-15 18:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-15 17:17 - 2011-06-03 10:48 - 00007597 _____ () C:\Users\Byron\AppData\Local\Resmon.ResmonCfg
2014-03-13 18:10 - 2011-09-02 08:57 - 00000000 ____D () C:\Users\Byron\AppData\Local\Workspace
2014-03-13 03:21 - 2013-09-08 16:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 03:21 - 2013-09-08 16:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 08:45 - 2014-03-12 08:45 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-12 08:45 - 2014-03-12 08:45 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-12 08:18 - 2012-04-04 00:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 08:17 - 2014-03-12 08:17 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 08:17 - 2012-04-04 00:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 08:17 - 2011-09-15 18:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

ZeroAccess:
C:\Windows\Installer\{cbcbd993-506d-96b9-6602-879c2385f055}

ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{cbcbd993-506d-96b9-6602-879c2385f055}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

LastRegBack: 2014-04-09 21:42

==================== End Of Log ============================

#6 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 11 April 2014 - 03:28 PM

Before we continue....would it be accurate in saying that you probably have ran ComboFix on your system about 10 times already???

Please go to C:\ComboFix5.txt and attach that text file.

#7 Bperkins7468

Authentic Member

Authentic Member
92 posts

Posted 11 April 2014 - 05:03 PM

I ran ComboFix the last year in the summer when I fixed my computer then. But i haven't run it since then, until you mentioned it today. So I downloaded it, ran it, and posted the txt.

#8 Bperkins7468

Authentic Member

Authentic Member
92 posts

Posted 11 April 2014 - 05:08 PM

ComboFix 12-04-15.02 - Byron 04/15/2012 10:15:50.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2051 [GMT -7:00]

Running from: c:\users\Byron\Downloads\ComboFix.exe

AV: CA Anti-Virus Plus *Enabled/Updated* {3EED0195-0A4B-4EF3-CC4F-4F401BDC245F}

SP: CA Anti-Virus Plus *Enabled/Updated* {858CE071-2C71-417D-F6FF-7432605B6EE2}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Resident AV is active

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\program files (x86)\Common Files\ASPG_icon.ico

c:\programdata\~TtFsssGC9NcELH

c:\programdata\~TtFsssGC9NcELHr

c:\programdata\TtFsssGC9NcELH

c:\users\Byron\AppData\Local\uninstall.tmp

c:\users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check

c:\users\Byron\Documents\~WRL0002.tmp

c:\users\Byron\g2mdlhlpx.exe

((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))

2012-04-15 17:29 . 2012-04-15 17:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-15 17:29 . 2012-04-15 17:29 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-04-12 15:11 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-12 15:11 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-12 15:11 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-12 15:08 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 15:08 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 15:08 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 15:07 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 15:07 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 15:07 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-12 15:07 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-08 17:03 . 2012-04-08 17:03 -------- d-----w- c:\programdata\WEBREG

2012-04-08 17:01 . 2012-04-08 17:04 -------- d-----w- c:\users\Byron\AppData\Roaming\HP

2012-04-08 16:51 . 2010-05-31 04:36 358744 ----a-w- c:\windows\system32\hpzids40.dll

2012-04-08 16:51 . 2010-02-01 06:54 944128 ----a-w- c:\windows\system32\hpwwiax4.dll

2012-04-08 16:51 . 2010-02-01 06:54 740864 ----a-w- c:\windows\system32\hpwtscl3.dll

2012-04-08 16:51 . 2010-02-01 06:54 540672 ----a-w- c:\windows\system32\hppldcoi.dll

2012-04-08 16:51 . 2010-02-01 06:54 488960 ----a-w- c:\windows\system32\hpovst11.dll

2012-04-04 08:17 . 2012-04-14 07:17 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-04 07:39 . 2012-04-14 07:17 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-03 14:44 . 2012-04-03 14:44 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll

2012-04-03 14:44 . 2012-04-03 14:44 -------- d-----w- c:\program files (x86)\Java

2012-03-28 05:42 . 2012-03-28 05:42 -------- d-----w- c:\users\Byron\AppData\Roaming\Uniblue

2012-03-27 16:36 . 2012-03-28 05:39 -------- dc----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

2012-03-27 05:45 . 2012-03-27 05:46 -------- d-----w- c:\programdata\SecTaskMan

2012-03-27 05:45 . 2012-03-27 05:45 -------- d-----w- c:\program files (x86)\Security Task Manager

2012-03-19 12:39 . 2012-03-19 12:39 -------- d-----w- c:\program files (x86)\Uniblue

2012-03-19 12:39 . 2012-03-19 12:39 -------- d-----w- c:\users\Byron\AppData\Local\PackageAware

2012-03-19 10:41 . 2012-03-19 14:33 -------- d-----w- c:\users\Byron\AppData\Roaming\Registry Mechanic

2012-03-19 10:35 . 2011-10-25 20:44 40408 ----a-w- c:\windows\system32\CleanMFT64.exe

2012-03-19 10:35 . 2008-04-02 22:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx

2012-03-19 10:35 . 2008-04-02 22:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx

2012-03-19 10:35 . 2008-04-02 22:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx

2012-03-19 10:35 . 2004-08-04 14:00 506368 ----a-w- c:\windows\SysWow64\msxml.dll

2012-03-19 10:35 . 2008-09-18 04:17 658432 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX

2012-03-19 10:35 . 2012-03-19 10:35 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-03-18 06:43 . 2012-04-04 06:46 -------- d-----w- c:\program files (x86)\DesktopCentral_Server

2012-03-18 00:59 . 2012-03-18 00:59 -------- d-----w- C:\$AVG

2012-03-17 23:50 . 2012-03-17 23:50 -------- d-----w- c:\users\Byron\AppData\Roaming\AVG2012

2012-03-17 23:47 . 2012-03-17 23:47 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2012-03-17 23:46 . 2012-03-19 01:37 -------- d-----w- c:\windows\system32\drivers\AVG

2012-03-17 23:46 . 2012-03-18 00:03 -------- d-----w- c:\programdata\AVG2012

2012-03-17 23:46 . 2012-03-17 23:46 -------- d-----w- c:\program files (x86)\AVG

2012-03-17 20:58 . 2012-03-17 20:58 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-17 20:58 . 2012-03-17 20:58 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-04-14 07:17 . 2011-09-16 01:11 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-03 14:44 . 2011-05-01 08:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-05 03:35 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-03-05 03:35 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-02-17 06:38 . 2012-03-13 17:19 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-13 17:19 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-13 17:19 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-13 17:19 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 06:36 . 2012-03-14 02:20 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 02:20 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-09 13:13 . 2012-02-17 03:20 35648 ----a-w- c:\windows\system32\uxtuneup.dll

2012-02-09 13:13 . 2012-02-15 02:00 34624 ----a-w- c:\windows\system32\TURegOpt.exe

2012-02-09 13:13 . 2012-02-17 03:20 28992 ----a-w- c:\windows\SysWow64\uxtuneup.dll

2012-02-09 13:13 . 2012-02-15 02:00 25920 ----a-w- c:\windows\system32\authuitu.dll

2012-02-09 13:13 . 2012-02-15 02:00 21312 ----a-w- c:\windows\SysWow64\authuitu.dll

2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-03 04:34 . 2012-03-14 02:20 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-01-25 06:38 . 2012-03-13 17:19 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 06:38 . 2012-03-13 17:19 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 06:33 . 2012-03-13 17:19 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll

2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Starfield Updater"="c:\users\Byron\AppData\Local\Workspace\workspaceupdate.exe" [2012-03-18 34496]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2988488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096]

"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-10-25 103896]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

c:\users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Byron\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

FancyStart daemon.lnk - c:\windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe [2000-3-22 12862]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-05 17:04 35736 ----a-w- c:\program files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]

2000-03-22 10:45 3054136 ----a-w- c:\windows\AsScrPro.exe

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 DIRECTIO;DIRECTIO; [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 136176]

R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver; [x]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys [x]

R3 ZTEusbMB;ZTE NMEAExt2 Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext2.sys [x]

R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [x]

R4 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]

S2 FastBootAgent;FastBootAgent;c:\windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-07-24 306232]

S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe [2012-02-21 1188624]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-10-25 793048]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-02-09 2143552]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 tmobile_mf691_dc_enum;tmobile_mf691_dc_enum;c:\windows\system32\DRIVERS\tmobile_mf691_dc_enum.sys [x]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Contents of the 'Scheduled Tasks' folder

2012-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 07:17]

2012-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000Core.job

- c:\users\Byron\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-26 04:24]

2012-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700817450-263443993-1340972289-1000UA.job

- c:\users\Byron\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-26 04:24]

2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 05:29]

2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-09 05:29]

2012-04-15 c:\windows\Tasks\RegistryBooster.job

- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2012-03-28 06:47]

2012-04-15 c:\windows\Tasks\RMSchedule.job

- c:\program files (x86)\Registry Mechanic\RegMech.exe [2012-03-19 14:31]

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Byron\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-12 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-12 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-12 365592]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]

"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

------- Supplementary Scan -------

uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\bjib83g8.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

------------------------ Other Running Processes ------------------------

c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe

c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe

c:\program files (x86)\HP\HP Software Update\HPWUCli.exe

**************************************************************************

Completion time: 2012-04-15 10:41:47 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-15 17:41

Pre-Run: 70,302,765,056 bytes free

Post-Run: 71,459,684,352 bytes free

- - End Of File - - 9415648212E709D58953950F35ED43D6

#9 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 12 April 2014 - 12:49 PM

Oh....you have CA Antivirus.....ComboFix can get a bit wonky with that. Rather than having you uninstall it....please do the following:

FRST

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
----------

#10 Bperkins7468

Authentic Member

Authentic Member
92 posts

Posted 12 April 2014 - 01:13 PM

Hi Jeff,

I don't use CA Antivirus. I didn't even know it was still on my system. I use Avast Antivirus.

CA Antivirus doesn't show up in my Control Panel.

Edited by Bperkins7468, 12 April 2014 - 01:14 PM.

Advertisements

Register to Remove

#11 jeffce

Malware Guy

Authentic Member
8,693 posts

Posted 12 April 2014 - 04:49 PM

It was still showing up in the logs.

To be on the safe side, go ahead with FRST and post the new log please.

#12 Bperkins7468

Authentic Member

Authentic Member
92 posts

Posted 12 April 2014 - 10:26 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2014 01

Ran by Byron (administrator) on BYRON-PC on 12-04-2014 21:25:01

Running from C:\Users\Byron\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe

(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe

(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe

(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe

(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe

(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

() C:\Users\Byron\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

(BitTorrent Inc.) C:\Users\Byron\AppData\Roaming\BitTorrent\BitTorrent.exe

(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE

(Microsoft Corporation) C:\Windows\system32\prevhost.exe

(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE

(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe

(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe

(Google Inc.) C:\Users\Byron\AppData\Local\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\Byron\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-07] (AVAST Software)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"

HKU\S-1-5-21-3700817450-263443993-1340972289-1000\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Byron\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION

HKU\S-1-5-21-3700817450-263443993-1340972289-1000\...\Run: [Amazon Cloud Player] - C:\Users\Byron\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()

HKU\S-1-5-21-3700817450-263443993-1340972289-1000\...\Policies\Explorer: [NoInstrumentation] 1

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA3B23407861ECC01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1024417699&ir=

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =

SearchScopes: HKLM-x32 - DefaultScope {D3245D6C-6383-4823-9EF2-FA463514A51C} URL =

SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...7-025031DC0501}

SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=

SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=

SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =

SearchScopes: HKCU - {9E94E40B-C742-41CB-BAC0-BD5D590DCCA5} URL = http://search.yahoo....p={searchTerms}

SearchScopes: HKCU - {B4D84896-6918-41DD-B848-1268BE62AF29} URL = https://www.google.c...q={searchTerms}

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - No File

BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File

BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)

BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File

Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab

Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - No File

Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - No File

Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF ProfilePath: C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\lbefp8bo.default

FF user.js: detected! => C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\lbefp8bo.default\user.js

FF SelectedSearchEngine: Conduit Search

FF Homepage: hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP6B97143B-82C1-4CBF-938B-534D73AE67ED&SSPV=

FF NewTab: hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP6B97143B-82C1-4CBF-938B-534D73AE67ED

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll (AVG Technologies)

FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Byron\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF Plugin HKCU: @starfield.com/off - C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)

FF Plugin HKCU: @starfield.com/off64 - C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)

FF Plugin HKCU: @starfield.com/wbe - C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)

FF Plugin HKCU: @starfield.com/wbe64 - C:\Users\Byron\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Byron\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Byron\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Byron\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Byron\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)

FF Plugin ProgramFiles/Appdata: C:\Users\Byron\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)

FF Plugin ProgramFiles/Appdata: C:\Users\Byron\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)

FF Plugin ProgramFiles/Appdata: C:\Users\Byron\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)

FF SearchPlugin: C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\lbefp8bo.default\searchplugins\conduit-search.xml

FF Extension: WBE Paste - C:\Users\Byron\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2011-06-14]

FF Extension: Workspace Email Zoom - C:\Users\Byron\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2011-06-14]

FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.0.248

FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.0.248 [2014-03-03]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-15]

Chrome:

=======

CHR Extension: (avast! Online Security) - C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-31]

CHR Extension: (Google Wallet) - C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]

CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Byron\AppData\Local\funmoods.crx [2013-08-30]

CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Byron\AppData\Local\funmoods-speeddial_sf.crx [2013-08-30]

CHR HKCU\...\Chrome\Extension: [medkndcadfefmiifpnlapbeoajnjiahj] - C:\Users\Byron\AppData\Local\CRE\medkndcadfefmiifpnlapbeoajnjiahj.crx [2013-12-12]

CHR HKLM-x32\...\Chrome\Extension: [apgjagobplilmcdfelodhgefiidomnfl] - C:\Program Files (x86)\Inbox Toolbar\Chrome\ibxtoolbar_chr.crx [2013-12-12]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-07]

CHR HKLM-x32\...\Chrome\Extension: [medkndcadfefmiifpnlapbeoajnjiahj] - C:\Users\Byron\AppData\Local\CRE\medkndcadfefmiifpnlapbeoajnjiahj.crx [2013-12-12]

CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Byron\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2013-12-12]

CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\\ChromeExt\\avg.crx [2013-12-12]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S4 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-07] (AVAST Software)

R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited)

R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)

R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-10-25] (PC Tools)

R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2014-01-22] (Apple Inc.)

R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1309696 2014-01-22] (Research In Motion Limited)

R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-13] (Secunia)

R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-13] (Secunia)

R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software)

S4 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [1759768 2014-03-03] (AVG Secure Search)

S4 avgfws; No ImagePath

S4 AVGIDSAgent; No ImagePath

S4 avgwd; No ImagePath

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-07] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-07] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-07] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-07] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-07] (AVAST Software)

R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-07] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-07] ()

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)

S4 AVGIDSDriver; No ImagePath

S4 AVGIDSHA; No ImagePath

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)

S4 Avgrkx64; No ImagePath

S4 Avgtdia; No ImagePath

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-03] (AVG Technologies)

S3 catchme; No ImagePath

S3 DIRECTIO; No ImagePath

S2 eamonm; No ImagePath

S1 ehdrv; No ImagePath

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

S3 massfilter; No ImagePath

S3 PCTINDIS5X64; No ImagePath

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)

R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-04-26] (Research in Motion Limited)

R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()

R3 tmobile_mf691_dc_enum; C:\Windows\System32\DRIVERS\tmobile_mf691_dc_enum.sys [75776 2010-04-09] (T-Mobile)

S3 TuneUpUtilitiesDrv; No ImagePath

S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)

S3 ZTEusbgps; C:\Windows\System32\DRIVERS\ZTEusbgps.sys [123520 2010-12-08] (ZTE Incorporated)

S3 ZTEusbMB; No ImagePath

S3 ZTEusbmdm6k; No ImagePath

S3 ZTEusbnmea; No ImagePath

S3 ZTEusbser6k; No ImagePath

S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [235008 2011-04-09] (ZTE Incorporated)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-12 21:24 - 2014-04-12 21:24 - 02157568 _____ (Farbar) C:\Users\Byron\Downloads\FRST64 (1).exe

2014-04-12 21:12 - 2014-04-12 21:12 - 00064837 _____ () C:\Users\Byron\Downloads\libsrpos_plugin-0.3.win.zip

2014-04-12 21:03 - 2014-04-12 21:10 - 00000000 ____D () C:\Users\Byron\Downloads\Suits.S03E16.720p.HDTV.x264-KILLERS [PublicHD]

2014-04-12 21:03 - 2014-04-12 21:03 - 00005886 _____ () C:\Users\Byron\Downloads\[kickass.to]suits.s03e16.720p.hdtv.x264.killers.publichd.torrent

2014-04-12 10:46 - 2014-04-12 10:46 - 00017133 _____ () C:\Users\Byron\Downloads\[kickass.to]hannibal.s02e07.hdtv.x264.lol.ettv.torrent

2014-04-11 22:55 - 2014-04-11 22:55 - 00221400 _____ () C:\Users\Byron\Downloads\[kickass.to]ufc.fight.night.40.nogueira.vs.nelson.720p.hdtv.x264.koenig.rartv.torrent

2014-04-11 22:54 - 2014-04-11 22:54 - 00014723 _____ () C:\Users\Byron\Downloads\[kickass.to]joe.2013.hdrip.xvid.ac3.aqos.torrent

2014-04-11 16:43 - 2014-04-11 16:43 - 01240576 _____ () C:\Users\Byron\Downloads\SanJose-Event-Promotion.ppt

2014-04-11 14:12 - 2014-04-11 14:12 - 00001404 _____ () C:\Users\Byron\Downloads\agent (5).jnlp

2014-04-11 14:08 - 2014-04-11 14:08 - 00001404 _____ () C:\Users\Byron\Downloads\agent (4).jnlp

2014-04-11 14:04 - 2014-04-11 14:04 - 00048707 _____ () C:\Users\Byron\Desktop\Addition.txt

2014-04-11 14:02 - 2014-04-12 21:25 - 00019897 _____ () C:\Users\Byron\Downloads\FRST.txt

2014-04-11 14:02 - 2014-04-11 14:03 - 00048707 _____ () C:\Users\Byron\Downloads\Addition.txt

2014-04-11 14:01 - 2014-04-12 21:25 - 00000000 ____D () C:\FRST

2014-04-11 14:00 - 2014-04-11 14:00 - 02157056 _____ (Farbar) C:\Users\Byron\Downloads\FRST64.exe

2014-04-11 13:57 - 2014-04-11 13:57 - 00027825 _____ () C:\ComboFix.txt

2014-04-11 13:57 - 2014-04-11 13:57 - 00001404 _____ () C:\Users\Byron\Downloads\agent (3).jnlp

2014-04-11 13:32 - 2014-04-11 13:32 - 05196025 ____R (Swearware) C:\Users\Byron\Downloads\ComboFix.exe

2014-04-11 12:11 - 2014-04-11 12:11 - 01056256 _____ () C:\Users\Byron\Desktop\NFL_ST_PROFIT_CALCULATOR.xls

2014-04-11 08:29 - 2014-04-11 08:29 - 00001404 _____ () C:\Users\Byron\Downloads\agent (2).jnlp

2014-04-11 08:29 - 2014-04-11 08:29 - 00001404 _____ () C:\Users\Byron\Downloads\agent (1).jnlp

2014-04-11 01:19 - 2014-04-11 01:19 - 00020502 _____ () C:\Users\Byron\Downloads\[kickass.to]the.amazing.race.s24e06.hdtv.x264.lol.eztv.torrent

2014-04-10 23:14 - 2014-04-10 23:14 - 00009606 _____ () C:\Users\Byron\Downloads\[kickass.to]the.blacklist.s01e18.hdtv.x264.lol.eztv.torrent

2014-04-10 23:12 - 2014-04-10 23:12 - 00045113 _____ () C:\Users\Byron\Downloads\[kickass.to]the.voice.s06e13.hdtv.x264.2hd.ettv.torrent

2014-04-10 23:12 - 2014-04-10 23:12 - 00027753 _____ () C:\Users\Byron\Downloads\[kickass.to]the.voice.s06e14.hdtv.x264.2hd.ettv.torrent

2014-04-10 23:11 - 2014-04-10 23:11 - 00025443 _____ () C:\Users\Byron\Downloads\[kickass.to]vikings.s02e07.hdtv.x264.excellence.ettv.torrent

2014-04-10 08:16 - 2014-04-10 08:16 - 00001404 _____ () C:\Users\Byron\Downloads\agent.jnlp

2014-04-09 22:10 - 2014-04-09 22:10 - 00000000 ____D () C:\Users\Byron\Documents\BLACKBERRY-C16E

2014-04-09 21:11 - 2014-04-09 21:12 - 00000000 ____D () C:\Users\Byron\AppData\Local\Amazon Cloud Player

2014-04-09 21:11 - 2014-04-09 21:11 - 00001212 _____ () C:\Users\Byron\Desktop\Amazon Cloud Player.lnk

2014-04-09 21:11 - 2014-04-09 21:11 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player

2014-04-09 21:10 - 2014-04-09 21:11 - 36335656 _____ (Amazon) C:\Users\Byron\Downloads\AmazonCloudPlayerInstaller_r26.exe

2014-04-08 21:20 - 2014-03-30 18:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-08 21:20 - 2014-03-30 18:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-08 21:20 - 2014-03-30 17:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-08 21:20 - 2014-03-30 16:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-08 21:19 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-08 21:19 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2014-04-08 21:19 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2014-04-08 21:19 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2014-04-08 21:19 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2014-04-08 21:19 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-04-08 21:19 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-08 21:19 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-04-08 21:19 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-04-08 21:19 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-04-08 21:19 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-04-08 21:19 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-04-08 21:19 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-04-08 21:19 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys

2014-04-08 21:19 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll

2014-04-08 21:19 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll

2014-04-08 21:19 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2014-04-07 11:04 - 2014-04-07 11:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-04-06 23:50 - 2014-04-06 23:50 - 03930783 _____ () C:\Users\Byron\Downloads\OnlineScanner.cab

2014-04-06 21:56 - 2014-04-06 21:56 - 00184282 _____ () C:\Users\Byron\Downloads\OTL.Txt

2014-04-06 21:41 - 2014-04-06 21:41 - 00602112 _____ (OldTimer Tools) C:\Users\Byron\Downloads\OTL.exe

2014-04-04 04:29 - 2014-04-11 13:47 - 00001700 _____ () C:\Windows\PFRO.log

2014-04-03 00:06 - 2014-04-03 00:06 - 00000875 _____ () C:\Users\Byron\Desktop\BitTorrent.lnk

2014-04-03 00:06 - 2014-04-03 00:06 - 00000855 _____ () C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk

2014-04-03 00:04 - 2014-04-03 00:04 - 01615960 _____ (BitTorrent Inc.) C:\Users\Byron\Downloads\bittorrent (1).exe

2014-04-02 02:22 - 2014-04-12 11:56 - 00003478 _____ () C:\Windows\setupact.log

2014-04-02 02:22 - 2014-04-02 02:22 - 00000000 _____ () C:\Windows\setuperr.log

2014-04-01 15:23 - 2014-04-01 15:23 - 00225686 _____ () C:\Users\Byron\Desktop\Internet is extremely slow - Browsers, Internet and email.htm

2014-04-01 15:23 - 2014-04-01 15:23 - 00000000 ____D () C:\Users\Byron\Desktop\Internet is extremely slow - Browsers, Internet and email_files

2014-04-01 10:22 - 2014-04-09 16:27 - 00112084 _____ () C:\Users\Byron\Desktop\Food 3 27 14.xlsx

2014-03-31 22:43 - 2014-03-31 22:43 - 01615960 _____ (BitTorrent Inc.) C:\Users\Byron\Downloads\bittorrent.exe

2014-03-30 23:40 - 2014-03-30 23:40 - 00422256 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-30 17:26 - 2014-03-30 17:27 - 06228992 _____ () C:\Users\Byron\Desktop\ACN_Comp.ppt

2014-03-30 17:12 - 2014-03-30 17:21 - 00000000 ____D () C:\Users\Byron\Desktop\Tools in Spanish

2014-03-29 02:00 - 2014-03-29 02:00 - 00110088 _____ () C:\Users\Byron\AppData\Local\GDIPFONTCACHEV1.DAT

2014-03-27 16:50 - 2014-04-11 16:00 - 00013058 _____ () C:\Users\Byron\Desktop\Pipeline Report (2).xlsx

2014-03-26 17:01 - 2014-04-11 16:51 - 00010159 _____ () C:\Users\Byron\Desktop\Byron Perkins Sales Chart (2).xlsx

2014-03-25 19:55 - 2014-03-25 19:55 - 08407552 _____ () C:\Users\Byron\Desktop\Powerpoint Presentation 2.pps

2014-03-21 18:11 - 2012-05-04 19:29 - 00772504 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2014-03-21 18:11 - 2012-05-04 19:29 - 00687504 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2014-03-21 14:17 - 2014-03-21 14:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-03-21 14:16 - 2014-03-21 14:16 - 00000000 ____D () C:\Users\Byron\AppData\Local\SearchProtect

2014-03-19 08:18 - 2014-03-25 17:04 - 00117630 _____ () C:\Users\Byron\Desktop\Mar14 Leads..xlsx

2014-03-19 08:17 - 2014-03-25 17:03 - 00010136 _____ () C:\Users\Byron\Desktop\Byron Perkins Sales Chart.xlsx

2014-03-18 23:21 - 2014-04-01 15:13 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro

2014-03-18 23:21 - 2014-03-18 23:21 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Optimizer Pro

2014-03-18 13:15 - 2014-03-18 13:15 - 00002211 _____ () C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk

2014-03-18 13:15 - 2014-03-18 13:15 - 00002185 _____ () C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk

2014-03-18 13:14 - 2014-03-18 13:15 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014

2014-03-18 13:11 - 2014-03-18 13:42 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}

2014-03-18 12:13 - 2014-03-18 12:29 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Nero

2014-03-18 12:12 - 2014-03-18 12:12 - 00000000 ____D () C:\Windows\System32\Tasks\Nero

2014-03-18 12:03 - 2014-03-18 12:11 - 00000000 ____D () C:\Program Files (x86)\Nero

2014-03-18 02:02 - 2014-03-18 02:02 - 00000000 ____D () C:\Users\Byron\Documents\Optimizer Pro

2014-03-18 01:57 - 2014-03-18 01:57 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\IObit

2014-03-18 01:57 - 2014-03-18 01:57 - 00000000 ____D () C:\Program Files (x86)\Evonsoft Computer Repair

2014-03-17 20:34 - 2014-03-17 20:34 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\Ahead

2014-03-17 13:43 - 2014-03-18 01:50 - 00000000 ____D () C:\Users\Byron\Downloads\Brain Sync - Attract Wealth

2014-03-16 22:13 - 2002-01-05 07:37 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll

2014-03-16 22:13 - 1998-06-18 01:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL

2014-03-16 16:55 - 2014-03-16 16:56 - 00000000 ____D () C:\Users\Byron\Downloads\Cheetah DVD Burner 2.51 + Serial-[HB]

2014-03-15 18:09 - 2014-03-15 18:09 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\AVAST Software

2014-03-15 18:08 - 2014-04-07 11:04 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2014-03-15 18:08 - 2014-04-07 11:04 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2014-03-15 18:08 - 2014-04-07 11:04 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-03-15 18:08 - 2014-04-07 11:04 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-03-15 18:08 - 2014-04-07 11:04 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-03-15 18:08 - 2014-04-07 11:04 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2014-03-15 18:08 - 2014-04-07 11:04 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-03-15 18:08 - 2014-04-07 11:04 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-03-15 18:08 - 2014-04-07 11:04 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-03-15 18:08 - 2014-04-07 11:04 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2014-03-15 18:07 - 2014-03-15 18:07 - 00000000 ____D () C:\Program Files\AVAST Software

2014-03-15 18:06 - 2014-03-15 18:06 - 00000000 ____D () C:\ProgramData\AVAST Software

2014-03-13 00:54 - 2014-02-28 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-03-13 00:54 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-13 00:54 - 2014-02-28 21:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-03-13 00:54 - 2014-02-28 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-03-13 00:54 - 2014-02-28 21:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-13 00:54 - 2014-02-28 21:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-03-13 00:54 - 2014-02-28 21:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-03-13 00:54 - 2014-02-28 21:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-03-13 00:54 - 2014-02-28 21:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-03-13 00:54 - 2014-02-28 21:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-03-13 00:54 - 2014-02-28 21:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-03-13 00:54 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-03-13 00:54 - 2014-02-28 21:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-03-13 00:54 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-13 00:54 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-03-13 00:54 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-03-13 00:54 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-03-13 00:54 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-03-13 00:54 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-03-13 00:54 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-13 00:54 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-03-13 00:54 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-03-13 00:54 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-03-13 00:54 - 2014-02-28 20:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-03-13 00:54 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-13 00:54 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-03-13 00:54 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-03-13 00:54 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-13 00:54 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-03-13 00:54 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-03-13 00:54 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-03-13 00:54 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-13 00:54 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-03-13 00:54 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-03-13 00:54 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-03-13 00:54 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-03-13 00:51 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-03-13 00:51 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll

2014-03-13 00:51 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2014-03-13 00:50 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-03-13 00:45 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-03-13 00:45 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-03-13 00:45 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-03-13 00:45 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-12 21:25 - 2014-04-11 14:02 - 00019897 _____ () C:\Users\Byron\Downloads\FRST.txt

2014-04-12 21:25 - 2014-04-11 14:01 - 00000000 ____D () C:\FRST

2014-04-12 21:25 - 2012-09-16 15:32 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\BitTorrent

2014-04-12 21:24 - 2014-04-12 21:24 - 02157568 _____ (Farbar) C:\Users\Byron\Downloads\FRST64 (1).exe

2014-04-12 21:17 - 2012-04-04 00:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-12 21:12 - 2014-04-12 21:12 - 00064837 _____ () C:\Users\Byron\Downloads\libsrpos_plugin-0.3.win.zip

2014-04-12 21:10 - 2014-04-12 21:03 - 00000000 ____D () C:\Users\Byron\Downloads\Suits.S03E16.720p.HDTV.x264-KILLERS [PublicHD]

2014-04-12 21:10 - 2011-06-24 23:24 - 00000000 ____D () C:\Users\Byron\AppData\Roaming\vlc

2014-04-12 21:03 - 2014-04-12 21:03 - 00005886 _____ () C:\Users\Byron\Downloads\[kickass.to]suits.s03e16.720p.hdtv.x264.killers.publichd.torrent

2014-04-12 11:56 - 2014-04-02 02:22 - 00003478 _____ () C:\Windows\setupact.log

2014-04-12 10:46 - 2014-04-12 10:46 - 00017133 _____ () C:\Users\Byron\Downloads\[kickass.to]hannibal.s02e07.hdtv.x264.lol.ettv.torrent

2014-04-11 22:55 - 2014-04-11 22:55 - 00221400 _____ () C:\Users\Byron\Downloads\[kickass.to]ufc.fight.night.40.nogueira.vs.nelson.720p.hdtv.x264.koenig.rartv.torrent

2014-04-11 22:54 - 2014-04-11 22:54 - 00014723 _____ () C:\Users\Byron\Downloads\[kickass.to]joe.2013.hdrip.xvid.ac3.aqos.torrent

2014-04-11 16:51 - 2014-03-26 17:01 - 00010159 _____ () C:\Users\Byron\Desktop\Byron Perkins Sales Chart (2).xlsx

2014-04-11 16:43 - 2014-04-11 16:43 - 01240576 _____ () C:\Users\Byron\Downloads\SanJose-Event-Promotion.ppt

2014-04-11 16:00 - 2014-03-27 16:50 - 00013058 _____ () C:\Users\Byron\Desktop\Pipeline Report (2).xlsx

2014-04-11 14:18 - 2009-07-13 21:45 - 00010240 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-11 14:18 - 2009-07-13 21:45 - 00010240 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-11 14:12 - 2014-04-11 14:12 - 00001404 _____ () C:\Users\Byron\Downloads\agent (5).jnlp

2014-04-11 14:10 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-11 14:09 - 2000-03-22 03:27 - 01676591 _____ () C:\Windows\WindowsUpdate.log

2014-04-11 14:08 - 2014-04-11 14:08 - 00001404 _____ () C:\Users\Byron\Downloads\agent (4).jnlp

2014-04-11 14:04 - 2014-04-11 14:04 - 00048707 _____ () C:\Users\Byron\Desktop\Addition.txt

2014-04-11 14:03 - 2014-04-11 14:02 - 00048707 _____ () C:\Users\Byron\Downloads\Addition.txt

2014-04-11 14:00 - 2014-04-11 14:00 - 02157056 _____ (Farbar) C:\Users\Byron\Downloads\FRST64.exe

2014-04-11 13:57 - 2014-04-11 13:57 - 00027825 _____ () C:\ComboFix.txt

2014-04-11 13:57 - 2014-04-11 13:57 - 00001404 _____ () C:\Users\Byron\Downloads\agent (3).jnlp

2014-04-11 13:57 - 2012-04-17 08:17 - 00000000 ____D () C:\Qoobox

2014-04-11 13:49 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini

2014-04-11 13:47 - 2014-04-04 04:29 - 00001700 _____ () C:\Windows\PFRO.log